---- Well , Friends sent their comments about OSes security, but after all If you selected your perfered OS , what will you do for securing it ?

Reply

I think Windows 2000 and XP are among the more secure operating systems out there, providing that the user knows how to use it effectively. Of course, if one downloads one too many things to install on the computer, the computer may slow down a bit and may be threatened by what may be contained in the software.

Anyway...I digress. Apart from the Windows OS I just mentioned, I heard a lot of raves about Linux, too. Thing is, I haven't used it yet to give an opinion on it.

Reply

Well, I've voted for Linux. So here are tips on how to secure it further:

Physical Security:
Password protect the lilo(OR GRUB OR other bootloader) prompt.
Disabl crtl+alt+del shutdowns by any other user than root
use su, with securety settings
Disable root login


Disable following daemons(OR change default settings):
Sendmail
Bind
NFS & Samba
ATD
PCMCIA
DHCPD
GPM
INND
GATED
NIS
SNMP
APACHE
FTPD
Misc Services

SysLogs
Tweak your syslog.conf file to be more security concious.

Secure Passwords
Secur /etc/passwd by us "shadow" passwords


Secure miscellaneous tools by changing default settings(following softwares and others):

gcc
g++
cc
colorgcc
w
who
fer
p
telnet client
shh client
tracerout


Set secure file permissions for:

/bin/
/boot/
/dev/, /dev/audio, and /dev/dsp.
/etc/ and several important files within.
/home/
/usr/ and directories within /usr/.
/var/, /var/log/, and /var/spool/mail/.


IP spoof protection
Prevention of remote hosts from gain access to your box through IP spoof.
Secure inetd services and hosts allowed/denied.


Secure against remote attack:
Secure against DoS/dDoS and other attacks.
Install firewall.

Finel Step:
Update system regularly. Always use stable versions while updating the system. The beta versions are just for testing purposes and they may make the entire system unsecure.
Also the sourse of the softwares should be reliable.
You just can not trust anyone if you want to be secure.

There are infinite possibilities and prevention steps to follow while you want to be secure. So be Alert, Very Alert.

 

 

 

Reply

Well Thanks Sunny, Let me add some security links for linux :
- Apache Web Server Security Tips
http://www.apache.org/docs/misc/security_tips.html
- Red Hat Security Page
http://www.redhat.com/LinuxIndex/Administration/Security/
- XForce (ISS) Library
http://xforce.iss.net/library/
- BugTraq
http://www.securityfocus.net/bugtraq/archive
- CERT Coordination Center
http://www.cert.org/
- CGI & Perl
http://www.genome.wi.mit.edu/ftp/pub/softw...W/cgi_docs.html
- CIAC - Computer Incident Advisory Capability
http://www.ciac.org/ciac/
- COAST Hotlist: Computer Security, Law & Privacy
http://www.cs.purdue.edu/coast/hotlist/
- COAST Hotlist: Internet Firewalls
http://www.cs.purdue.edu/coast/firewalls/
- COAST Security Archive
http://www.cs.purdue.edu/coast/archive/index.html
- Dave Dittrich's Security Page
http://www.washington.edu/People/dad/
- Firewall Wizards Mail Archive
http://www.nfr.net/firewall-wizards/fwsearch.html
- HackerWacker
http://www.hackerwhacker.com/
- IP Masquerading Site
http://www.indyramp.com/masq/
- Lance Spitzner's Security Publications
http://www.enteract.com/~lspitz/papers.html
-Linux Security Resources
http://www.linux-security.org/
- Matt's Unix Security Page
http://www.deter.com/unix/
- NIH: Computer Security Information
http://www.alw.nih.gov/Security/security.html
- N- IPC: National Infrastructure Protection Center
http://www.nipc.gov/
- Linux Security Systems and Tools
http://www.linas.org/linux/secure.html
- Root Shell
http://www.rootshell.com/
- SANS Institute
http://www.sans.org/
- Security Focus
http://www.securityfocus.net/
- Security Portal
http://www.securityportal.com/
- WWW Security Resources
http://www.w3.org/Security

Have fun

Reply

In last post I've added some linux security links , also here's some security tools for linux :

:: ipfilter - packet filter
http://cheops.anu.edu.au/~avalon/ip-filter.html
:: rsaeuro - cryptographic toolkit
ftp://ftp.ox.ac.uk/pub/crypto/misc
:: SSH - Comercial versions SSH1 and SSH2
http://www.cs.hut.fi/ssh/
:: SSL - Encrypted telnet
ftp://ftp.tu-chemnitz.de/pub/Local/informatik/sec_tel_ftp/
:: WinSCP - scp (secure copy) client.
http://winscp.vse.cz/eng/
:: Netlog - TCP and UDP suspicious traffic logging system
http://www.net.tamu.edu/network/tools/netlog.html
:: TAMU - Texas A&M University developed tools
http://www.net.tamu.edu/network/public.html#Security
:: PuTTY - Telnet, SSH, SCP, SFTP client
http://www.chiark.greenend.org.uk/~sgtatha...y/download.html
:: SARA - Security Auditor's Research Assistant - network security vulnerability scanner.
http://www-arc.com/sara/sara.html
:: satan - Security Administrator Tool for Analyzing Networks
http://www.fish.com/satan/
:: Rkdet - root kit detector daemon. Intended to catch someone installing a rootkit or running a packet sniffer.
http://vancouver-webpages.com/rkdet/

hope to enjoy

Reply

That's Wonderful RemoteConnection, Thanks.

Linux is just a true OS for a web server task. With some sicurity settings Linux just becoms Buletproof.

If you are using directly or indirectly linux hosting ( OR Linux) then you should also know about the security settings. And RemoteConnection has done a wonderful task here. At least you should take a look at some of the site listed by RemoteConnection.

Reply