Re: Hardening against attacks?

I currently limit all activity as much as I can anyway; however, I work for a company that wants the bells & whistles that Microsoft sold them. When I brought Linux in here they laughed; however, we have not had a virus make it to the desktop in 9 months, and their prized NT 4.0 Enterprise Server has been taken out twice in the same time. It sits outside of the Linux firewalls, behind a Cisco 2600.
 
I currently use Sendmail/Procmail to forward, scan & content filter all emails into the Exchange Servers. I also utilize Spamhaus.org's Spam block list. I also run NSA's hardened kernel 2.4.19, Snort, iptables and Tripwire. I still get 5-10 different attacks on average per day, most of which are looking for MS Internet Information Server holes. I want to automatically track these people down, so I do not have to.
 
Thanks for your input.
 
 
----- Original Message -----
Sent: Tuesday, October 29, 2002 1:24 PM
Subject: RE: Hardening against attacks?

I agree with Kevin. Securing a network is (very) hard work.

Thanks
 
Robert L. Cochran
-----Original Message-----
From: Kevin McConnell [mailto:kevymac@yahoo.com]
Sent: Tuesday, October 29, 2002 2:08 PM
To: psyche-list@redhat.com
Subject: Re: Hardening against attacks?



--- Dallas <dallas@crd-dwc.com> wrote:
> I am looking for recommendations in hardening RedHat
> 8.0 from both virus and attacks, to protect a
> network. I currently use (4) RedHat 7.1, based x86
> systems to protect an internal network.
>
> However, I am tired of finding someone or mostly
> servers/pc's that have been taken over without the
> owners' knowledge attacking us. Or probing for holes.
>
> I want to find a monitoring software that will
> detect an attack, find the source and send an abuse
> report & notify me, maybe more.
>


The problem here is that security and virus prevention
is not an event. It is a process, that is long and
much work, and continual. There is no magic bullet. No
one tool, or one answer. In order to securify and
protect against these things, some common sense must
be employed. For example, using mail clients that
don't allow VBScript to run, such as Outlook. (I
picked this one because I notice that you are using
it). Also, sending and receiving HTML mail as opposed to
plain text (I also picked this one for obvious
reasons). This can also drastically reduce problems.
Sometimes it's the little things that matter.
Sometimes we don't have control over things. Using
portscan detection, libwrap options, virus stripping
programs, attack fingerprint detection software and
everything you can think of... that's protection. Not
enough, but it's a start. To really securify and
protect, you need protection in layers... multiple
layers. Reading is the prevention you need.


=====
Kevin C. McConnell --RHCE-- <Red Hat Certified Engineer>




--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list

