[CALUG] opinion on book(s) on network security?

Miguel Gonzalez Castaños miguel_3_gonzalez at yahoo.es
Sun Jun 8 14:20:19 EDT 2008 

Some free docs about securing RedHat, you can use it as reference to
secure other distros:

http://www.openna.com/products/books.php

http://www.openna.com/documentations/documentations.php

Miguel



Jim Sansing wrote:
> I agree with Rajiv, for most home networks, books are overkill (or in
> some cases, underkill).  My suggestions for home networks are:
>
> - It is assumed that when you say 'home network' you have a router
> connecting to your ISP.  If not, get one.  The 2 routers I have had were
> set to disallow inbound connections to any port by default, but verify
> this.  Then, if you allow any port to have access, specify the hosts or
> subnets to be allowed to use it.  This will get you 75% of the way to a
> protected network.
>
> - If you have a wifi access point, make sure it has encryption enabled. 
> You will have to set a key on each computer that uses it.  WPA/WPA2 is
> stronger than WEP, but if all your access point supports is WEP, at
> least use it.
>
> - If you have MSFT on your network, especially make sure unnecessary
> services are turned off.  If you are not using file/print sharing,
> disable it.  And it is my understanding that some versions have ports
> open for unneeded services, such as database access, by default.  If you
> haven't already, replace IE with Firefox (as your primary browser),
> Outlook with Thunderbird, Office/Works with Open Office, chat apps with
> Pidgin (GAIM), etc.
>
> - Set BIOS passwords.
>
> - Keep updates up-to-date.
>
> - Educate everyone who has access to a computer on your network about
> good passwords, how to handle spam, avoiding links that go to unknown
> sites, and good netiquette.
>
> - If you are still concerned, install nessus or nmap and run a local
> scan periodically.  You can also install host IDSes, such as Tripwire (I
> don't know of a FOSS equivalent for MSFT), on each host altho'
> monitoring them can be time consuming--weekly is probably sufficient.
>
> This much should put you in the top 90 percentile of secure home
> networking, and will probably be enough to convince attackers to defer
> to lower hanging fruit (ie. the bottom 90 percentile ;-).
>
> Later . . .   Jim
>
>
> Rajiv Gunja wrote:
>   
>> Ed,
>> I have read/browsed that book online. I felt that it is good only for
>> learning different jargons that is put out there when geeks and
>> sysadmins talk about security. But it fails very much to explain how
>> to protect your system or even simply identify what services a
>> distribution will have open.
>>
>> Yes I agree that it is very difficult to write a Linux Network
>> Security when there are over 150 Linux Distributions, but at least the
>> basic concept of Security should be covered in a book I read and this
>> book fails it.
>>
>> I would suggest couple of alternatives:
>>
>>     * Go to a book store, if you or your company does not own access
>>       to Online Book Library, find a nice chair and browse through 2
>>       or 3 Security books, does not matter if they are Linux or UNIX
>>       (avoid Windows as that OS has nothing in common with Linux)
>>     * If you own your own Linux Server, find out which services you do
>>       not need and shut it down. For even my desktop, I run http and
>>       ssh and thats about it.
>>     * Choose a distribution which does not install all kinds of
>>       application you do not need. Good way is to create a kickstart
>>       file with the bare minimum if you are installing servers.
>>       Avoiding X is also good when installing servers.
>>     * If this server is in your company, ask your company to purchase
>>       a good port/vulnerebility scanner and scan all your servers.
>>
>>
>> Where I work, I get my servers scanned once before the applications
>> are installed and once after, thus avoiding any unwanted ports or
>> vulnerebility of apps.
>>
>> Hope this helps.
>>
>> -GGR
>> Rajiv G Gunja
>>
>>
>> On Sat, Jun 7, 2008 at 8:31 AM, Ed Browne <edward_d_browne at yahoo.com
>> <mailto:edward_d_browne at yahoo.com>> wrote:
>>
>>
>>     Has anyone seen the book "Linux Network Security"
>>     by Peter G. Smith?  Can you recommend it?  I stumbled
>>     across it, and it seems possibly to be what I'm looking
>>     for, a practical book with emphasis on protecting your
>>     home (linux) network from the big, bad world outside.
>>     If you have other recommendations along those lines,
>>     I'd be happy to hear them.
>>
>>     Thanks very much - Ed
>>
>>
>>     _______________________________________________
>>     CALUG mailing list
>>     CALUG at unknownlamer.org <mailto:CALUG at unknownlamer.org>
>>     http://lists.unknownlamer.org/listinfo/calug
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> CALUG mailing list
>> CALUG at unknownlamer.org
>> http://lists.unknownlamer.org/listinfo/calug
>>   
>>     
>
> _______________________________________________
> CALUG mailing list
> CALUG at unknownlamer.org
> http://lists.unknownlamer.org/listinfo/calug
> ------------------------------------------------------------------------
>
>
> No virus found in this incoming message.
> Checked by AVG. 
> Version: 8.0.100 / Virus Database: 270.0.0/1485 - Release Date: 6/5/2008 10:07 AM
>

More information about the CALUG mailing list