At 09:49 PM 7/19/01 -0400, Krishna Tateneni wrote:
> I've tried out the Bastille Linux script which looks pretty cool.
Bastille Linux script is cool indeed. One of the nice things about it is it
explains the why's if you are interested in them.
Ref URL: http://www.bastille-linux.org/
It is helpful to understand the why's of security as well as the how's. The
why's help one to gain insights into keeping up with the how's as software
changes. Although knowing how to hack into a system, in itself, doesn't
made one qualified to secure the system, it is very helpful having an idea
of how systems are hacked, cracked, and whacked. Then add some insights how
to secure systems (including the human systems associated with the
networks). The Hacking Exposed book and similar books are must-have items
for network administrators.
Ref URL: http://www.hackingexposed.com/
(Take a look at the site's "Books" page for an annotated list of sme good
info security books, including ones specifically for Linux.)
Finally, a very helpful site for looking up Linux exploits and fixes is
SecurityFocus.com. It is linked to the BugTraq maillist. Not most
comprehensive but it's free (compared to some fee-based vulnerability
databases) and it's one of my fist stops for security research.
Ref URL: http://www.securityfocus.com/
(To look up Linux exploits, one can follow the Linux links or select
"Vulnerabilities" and, then, look up Linux items.
J.D. Abolins
