Online Book Reader


UNIX System Administration Handbook - Evi Nemeth [402]

your site.

Every host within your organization should be individually secured and regularly monitored with tools such as crack, tcpd, nmap, COPS, and tripwire. Otherwise, you are simply building a structure that has a hard crunchy outside and a soft chewy center. On the Internet, it doesn’t take many licks to get to the center of that bonbon.

Ideally, local users should be able to connect to any Internet service they want, but machines on the Internet should only be able to connect to a limited set of local services. For example, you may want to allow FTP access to a local archive server and allow SMTP (email) connections to your mail server.

If you want to maximize the value of your Internet connection, we recommend that you emphasize convenience and accessibility when deciding how to set up your network. At the end of the day, it’s the system administrator’s vigilance that makes a network secure, not a fancy piece of firewall hardware.

21.10 SOURCES OF SECURITY INFORMATION


Half the battle of keeping your system secure consists of staying abreast of security-related developments in the world at large. If your site is broken into, it probably won’t be through the use of a novel technique. More likely, the chink in your armor will have been widely discussed on security-related newsgroups and mailing lists.

CERT: a registered service mark of Carnegie Mellon University


In response to the uproar over the 1988 Internet worm, the Defense Advanced Research Projects Agency (DARPA) formed an organization called CERT, the Computer Emergency Response Team, to act as a clearing house for computer security information. CERT is still the best-known point of contact for security information, though it seems to have grown rather sluggish and bureaucratic of late. CERT also now insists that the name CERT does not stand for anything and is merely “a registered service mark of Carnegie Mellon University.”

Although CERT’s charter includes some degree of problem solving, in reality CERT lacks the ability to investigate problems or discipline offenders, and so it is really little more than a repository for vendor security patches and security tool announcements. These patches and announcements are called “CERT advisories.” New advisories are posted to www.cert.org, emailed to the cert-advisory mailing list, and submitted to the newsgroup comp.security.announce. To subscribe, see http://www.cert.org/contact_cert/certmaillist.html.

SecurityFocus.com and the BugTraq mailing list


SecurityFocus.com is a site that specializes in security-related news and information. The news includes current articles on general issues and on specific problems; there’s also an extensive technical library of useful papers, nicely sorted by topic.

SecurityFocus’s archive of security tools includes software for a variety of operating systems, along with blurbs and user ratings. It is the most comprehensive and detailed source of tools that we are aware of.

The BugTraq list is a moderated forum for the discussion of security vulnerabilities and their fixes. To subscribe, send email to listserv@securityfocus.com with the following message body:

SUBSCRIBE BUGTRAQ lastname, firstname

Traffic on this list can be fairly heavy, however. A database of BugTraq vulnerability reports is also available from the web site.

SANS: the System Administration, Networking, and Security Institute


SANS is a professional organization that sponsors security-related conferences and training programs, as well as publishing a variety of security information. Their web site, www.sans.org, is a useful resource that occupies something of a middle ground between SecurityFocus and CERT: neither as frenetic as the former nor as stodgy as the latter.

SANS offers several weekly and monthly email bulletins that you can sign up for on their web site. The weekly NewsBites are nourishing, but the monthly summaries contain a lot of boilerplate. Neither is a great source of late-breaking security news.

Vendor-specific security resources


Because security
