Security Basics mailing list archives
Re: A good starting point
From: James Taylor <james_n_taylor () yahoo com>
Date: Tue, 18 Mar 2003 07:04:32 -0800 (PST)
Paul, Buy a book and wade through it, it's not that bad. Read the 'Hacking Exposed' series. Check out CERT websites. Read & search through the Security Focus archive and articles. Understand that no technology will stop a detirmined hacker. Not because of the technology, but normally because of the way it's implemented or the processes an organisation implements internally. I would suggest that, being a college with no budget, you are up against it. By 'applying the basics' of packet-filtering routers, firewalls, IDS's (network - (snort) & host (tripwire)), hardening your servers (& only run services you need, not what the administrator demands), encryption on sensitive data/connections and employing a good access control policy (strong passwords changed regularly), you will go some way (way more than most ;-)) to preventing attacks. Being a college, you have to assume that the internal network is not safe, therefore you should take the approach that 'users' logging on to use 'network resources' must have strong authentication mechanisms to ensure that the system knows the identity of who is accessing services. E.g. Kerberos on NT. I have no personal knowledge of a Pix, but I know if it's set up correctly, it's a strong barrier. Oh - if they are short of cash, why buy a pix? And another thing, don't let people on public mailing lists know your organisation's domain name - you've just told them your hardware. Regards James --- Paul Hawkinson <phawkinson () montreat edu> wrote:
There is so much information of the internet these days about security that it is hard as a security neophyte to know the places to find the information that I need to know to tighten the security on my network. We have recently gotten a Pix 515 firewall and I need to know the best way for me to get ramped up on setting it up so we are better protected from attacks from the internet. So, I guess what I want to hear from the folks here is what are the best resources for learning about securing my network. Yes, I want to be able to configure my Pix firewall, but I also want to know what types of attacks the Pix wont be able to repel. I work for a small private college and getting the funding to go to some security training classes just isnt there. We were lucky enough to get the money for the Pix. I know there are wonderful sites, security tutorials and books out there but it is hard to sift through all of the resources that are available. Thanks everyone, Paul
__________________________________________________ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com
Current thread:
- A good starting point Paul Hawkinson (Mar 17)
- RE: A good starting point Brad (Mar 18)
- Re: A good starting point James Taylor (Mar 18)