Hi Tyler,

Your questions would be more appropriately answered by a couple of books than a simple e-mail. However, some things that come to mind:

1. Turn off unused services. Services that aren't enabled can't be attacked. That greatly simplifies the issues, including patch management, since it doesn't really matter if a daemon (say, httpd the web server) becomes vulnerable when you're not running that daemon. Therefore, if your system is a web server, there's little reason to run anything other than Apache or similar and the minimum set of things for Unix/Linux to still work.

2. It is never enough to just run a firewall, especially some default configuration that comes with your distro or something you find on the web. If you're serious about security, you need to learn iptables, understand the issues and develop your own rules and policies.

3. You do NOT want to deny ssh to everyone, unless you're certain that you will never ever need to do remote administration. If that's the case, don't just deny access - disable sshd altogether. But despite what you may have heard, ssh is still very safe and it beats every other option for remote admin - as long as you pick good passwords and keep your system up to date.

4. Use the tcp wrapper.

5. Keep your system up-to-date.

There are lots and lots of other things to think about depending on your environment. Note that the issues are basically the same no matter the operating system. Although Windows is intrinsically more vulnerable, there is still a lot you can and should do to make it more secure, and no matter how secure you've heard Unix/Linux is, if you aren't careful it's very easy to render it vulnerable.

I would recommend you get the O'Reilly "Essential System Administration" book and start from there.

About Debian patching, the short of it is that it's very easy to know which patches you need. Get yourself familiarized with tools like apt, synaptic and aptitude.
Also, have a look at www.debian.org/security and the links you will find there, especially the manual called "Securing Debian".

Hope this helps!

Yuri

Tyler Littlefield wrote:
> Hey list,
> I am working on a secure system.
> I have a quick question. What kinds of things besides a firewall, and not
> granting ssh to anyone can I do to secure Linux? I am currently using
> Debian. Also, I have read about patches. How do I know which ones to
> install, and where would I find them?
> Thanks,
> ~~TheCreator~~
> website:
> http://tysplace.shaned.net
> msn:
> compgeek134@xxxxxxxxxxx
> aim:
> st8amnd2005
> skype:
> st8amnd127
> moo coder/wizard and administrator
>
> -
> : send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

--
Yuri Csapo
Academic Computing & Networking
Colorado School of Mines
Green Center Rm 249
Phone: (303) 273-3503
Fax: (303) 273-3475
Email: ycsapo@xxxxxxxxx

Please use the following link to open a service request:
http://helpdesk.mines.edu

===========================================
With a PC, I always felt limited by the software available.
On Unix, I am limited only by my knowledge.
--Peter J. Schoenster
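
Added example, not part of the original message: one way to check point 1 (turn off unused services) on a running box is to compare the listening TCP sockets, in the format printed by `ss -H -tln`, against the ports the host's role actually needs. The function names, the allowlist 22/80/443 (a web server that keeps ssh) and the sample socket list are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: flag listening TCP sockets that the host's role does not need.
# Input format assumed: `ss -H -tln`
#   State  Recv-Q  Send-Q  Local-Address:Port  Peer-Address:Port

# unexpected_listeners PORT...
# Reads ss lines on stdin and prints "scope address port" for every listener
# whose port is not in the allowlist. scope is "local" for loopback-only
# sockets (not reachable from the network) and "exposed" for everything else.
unexpected_listeners() {
    allowed=" $* "
    awk -v allowed="$allowed" '
        $1 == "LISTEN" {
            # The port is the text after the last colon; this also handles
            # IPv6 forms such as [::]:22 and the wildcard form *:80.
            n = split($4, parts, ":")
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (index(allowed, " " port " ")) next
            scope = (addr ~ /^127\./ || addr == "[::1]") ? "local" : "exposed"
            print scope, addr, port
        }' | sort -u
}

# Constructed sample of `ss -H -tln` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      100        127.0.0.1:25         0.0.0.0:*
LISTEN 0      64           0.0.0.0:111        0.0.0.0:*
LISTEN 0      5            0.0.0.0:631        0.0.0.0:*
EOF
}

# On a live host: ss -H -tln | unexpected_listeners 22 80 443
sample_ss_output | unexpected_listeners 22 80 443
```

Each "exposed" line is a daemon to disable (or, if it is really needed, to add to the allowlist and cover with firewall rules); "local" lines are lower priority but still worth a look.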