Re: Unix Security Standards, books, tools...

Sun, 02 Dec 2001 14:48:07 -0800 

On Wed, Nov 28, 2001 at 06:08:37PM -0800, tony toni wrote:
> Folks,
> 
> I recently was assigned the project of developing security standards for our 
> Unix environment. We have about 400 unix box's (HP-UX, Sun Solaris, AIX, 
> etc)and the admins do their *own thing* with these boxes.
Well that is what some sys-admins do.. what kind of security do they have setup?Do all 
the unix boxes have individual firewalls.  Do you use Kerbos of S/key authentactions? 
(sorry about my spelling).  What about the routers between all the Unix boxes are they 
locked down or a nice wide open door?  
> 
> This is not a project I exactly like...I am buried with 20 other 
> projects...and I am not Unix guru. For each Unix *flavor*, I need to develop 
> Unix security standards that will cover areas like configuration settings, 
> defaults, permissions, admin. account, password file, shells, trusts, root, 
> patch's, logging, etc.
> 
> These are my questions:
> 
> (1) Does anyone know where I can quickly get my hands on some high quality, 
> concise security standards/templates/checklists? for each Unix *flavor*?
there are many web-pages with this informations on locking down unix.  search google 
for some ideas.  check out this web site.. i find it pretty food 
http://www.deter.com/unix/

Also check out www.secureroot.com and www.securityfocus.com they have a lot of 
informaion on computer security informaing and good links to other sources.
> 
> (2) What about good books/sites on Unix Security?
Maximum Security: a hacker's guide to protecing your internet site and network
Practical UNIX & internet secuity. 
Essential System Administration.
Firewall and Internet Security: Repelling the Whily Hacker
Building Internet firewalls
Hacking exposed.
They are all good books availiable at almost any local book store. 
I know Borders has a section about computer security.  Look there they have a lot of 
good informaion 
> 
> (3) What about user friendly software tool(s) that I can  periodically use 
> to audit the Unix boxes for compliance to the new security standards I 
> developed?
If you want user friendly tools. I dont know of many for unix.. i would recomend using 
something like snort for IDS,  and setup scripts to watch for wierd activity.
And rembemer the basic rule of secuity.  What is not needed is not installed

> 
> Thanks
> 
> Tony
> IT Security Manager
> Major Telecommunications Company
> 
> 
> 
> 
> 
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>

Attachment: msg01928/pgp00000.pgp
Description: PGP signature

  • ... tony toni
    • ... Ryan Anderson
      • ... Gurpreet Singh
        • ... Ryan Anderson
          • ... Paul Muscato
        • ... makaveli
        • ... Marcia Barrett Nice
    • ... Joe Shaw
    • ... Meritt James
    • ... leon
    • ... Craig Van Tassle
    • ... Ziggy
      • ... Dan Trainor
    • ... Kanikkannanl PN-149709 Dept-corp Audit Div Desg-Asst.Manager 1/421037 Ph-43983/45283
    • ... makaveli
    • ... Phil Schultz
    • ... falbu
    • ... centipede

Reply via email to