Re: General questions about security




Les Bell wrote:

Policy. It's a drag, writing policies, but without policies, you're in the
"Ready! Fire! Aim!" school of security.  The top tier of policy is the
"Enterprise Security Policy", which establishes the security function,
roles, responsibilities, budget, etc. It also gives the power to enforce
penalties for breaches of policies. At the next tier, you have system- and
issue-specific policies, such as the "Use of corporate email" policy, the
"Inappropriate content in the workplace" policy. You may then move down to
standards (platforms, SOE, etc.) and procedures (e.g. for provisioning user
accounts, resetting passwords, etc.).

<snip>

Thanks for your very detailed response. Though I can't help feeling a bit like having asked for an identity photo... and getting a 10-foot oil painting :oD

Basically, all I'm concerned about security-wise is a modest Apache/PHP/MySQL server running a single public library management software, and interconnecting eleven (small) public libraries, with a total of 60.000 database entries. No (very) big deal.

The configuration is supposed to run on a dedicated server, so my question will be more practical:

- Is it worth the hassle to bother with SELinux?

- Is the standard firewall configuration enough, or do I really have to fine-tune the thing?

- Basically, what auditing tools besides Nmap can you recommend for such a thing?

cheers,

Niki
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
