-original query _at_EOF-
First, let me thank you all for your extensive help with this:
Stan Themanwhowantstoremainnameless
Rob Hamm
Christopher O'Malley
Peter Woit
Rick Beebe
Santosh Krishnan
Peter Chapin
Ian Veach
Andrew Leonard
Neil Higson
Terry Horsnell
Robin Kellett
Del Hedges
Randall R. Cable
Brian Benson
I couldn't have asked for a more helpful and concerned group (and no flames! i
figured i would get at least one from some weiner :).
There was a mess of information in the replies, so i have categorized them (the
most often recommended marked with a *) to make things a little simpler:
BOOKS, TOOLS, SITES, and general ADVICE.
before i list these, however, i feel i must share what Andy Leonard wrote:
"If those boxes have been exposed to the rest of the world - that is,
connected to the internet, not behind a firewall, turned on and accepting
connections on any port - there is a good chance that they have been compromised
(*they have, that's why you all got this plea for help from me*). You should
give some serious consideration to completely reinstalling each system from the
"bare metal", particularly if you know of any intrusions. This will be the only
way that you can be sure that the systems are not compromised. Patching the
systems in their current state may simply be closing the barn door after the
horse has been gone for quite some time: intruders frequently leave backdoors
through which to return later."
BOOKS:
*Practical Unix and Internet Security by Garfinkel & Spafford
Essential Guide to Unix and Network Security by Gene Spafford
Essential System Administration
Unix System Administration
(most of these books are O'Reilly)
TOOLS:
*mscan - this can be found at www.rootshell.com
sectools - ftp://ciac.llnl.gov/pub/ciac/sectools
nmap (apparently for Linux) www.dhp.com/~fyodor/nmap
SITES:
*http://www.cert.org - this is a CERT announce list that was recommended by MANY
http://www.ssh.fi/sshprotocols2/index.html - this is about encryption
http://www.columbia.edu/acis/security/tips-woit.html
http://www.columbia.edu/acis/security/intruder-tracks-woit.html
http://www.sans.org/
http://www.ugu.com/ (i practically live here, it is my home page)
http://www.usenix.org
http://www.iss.net
http://www.misti.com/stanreq.html (i think this is Ultrix-specific)
http://unix.digital.com/faqs/publications/base_doc/DOCUMENTATION/V40D_HTML/AQ0R2DTE/TITLE.HTM
ADVICE:
*get the most recent patch cluster for the given OS and install them!
*get on any security announcement email list and read them!
be sure that you are running all the latest software on your system
(especially OS & any network servicing programs)
port scan systems to see what they are doing (see nmap in TOOLS above)
disable unnecessary services on each machine (i.e.: unless the system is a mail
hub/relay, disable sendmail; unless the system is an NFS server, disable
any NFS server related processes, etc)
get and install TCP wrappers and use them!
get on the CERT announce list!
look into using encryption to remotely manage your systems (see TOOLS above)
learn how to turn off just about all incoming network access and control very
carefully who logs into the things
get some O'Reilly books
take a security training program
be your own hacker for a while (see mscan in TOOLS)
work through the security checklist provided by www.cert.org
check with DEC people
for Ultrix, download the latest versions of bind, sendmail, X, etc that would
run on my system, compile them and get them to run, one by one
for DECunix, upgrade to a newer version if affordable
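As an added illustration of the "disable unnecessary services" and "TCP wrappers" items above (this is not from any of the replies, and the inetd.conf content and network address in it are constructed sample data), here is a small POSIX-shell audit of the kind a sysadmin could run on one of those boxes:

```shell
#!/bin/sh
# Added example, not from the original post. Audits a classic inetd.conf for
# services inetd would actually start, flags the ones not on a per-host
# allowlist (candidates to comment out), and prints a default-deny
# TCP-wrappers policy. SAMPLE_INETD below is constructed sample data.
SAMPLE_INETD='# service socket proto wait user server args
ftp     stream tcp nowait root   /usr/sbin/tcpd   in.ftpd
telnet  stream tcp nowait root   /usr/sbin/tcpd   in.telnetd
#shell  stream tcp nowait root   /usr/sbin/tcpd   in.rshd
finger  stream tcp nowait nobody /usr/sbin/tcpd   in.fingerd
tftp    dgram  udp wait   root   /usr/sbin/in.tftpd in.tftpd'

# Names of services inetd would start: non-comment, non-blank lines.
enabled_services() {
    printf '%s\n' "$1" | awk '!/^[ \t]*#/ && NF { print $1 }'
}

# Enabled services NOT in the whitespace-separated allowlist $2, i.e. the
# ones to comment out of inetd.conf on a box that does not need them.
unneeded_services() {
    conf="$1"; allow=" $2 "
    for svc in $(enabled_services "$conf"); do
        case "$allow" in
            *" $svc "*) ;;        # needed on this host, keep it
            *) echo "$svc" ;;     # not needed: disable it
        esac
    done
}

# Count of enabled services whose server (field 6) is not tcpd, so the
# hosts.allow/hosts.deny policy would never be consulted for them.
unwrapped_count() {
    printf '%s\n' "$1" |
        awk '!/^[ \t]*#/ && NF && $6 !~ /\/tcpd$/ { n++ } END { print n+0 }'
}

# Default-deny TCP-wrappers policy: hosts.deny refuses everything, and
# hosts.allow admits only the named daemons from network $1 (constructed).
wrappers_policy() {
    net="$1"; shift
    echo "# /etc/hosts.deny"
    echo "ALL: ALL"
    echo "# /etc/hosts.allow"
    for d in "$@"; do echo "$d: $net"; done
}
```

Run unneeded_services against the real /etc/inetd.conf with the list of services that host genuinely provides, then restart inetd after commenting out the rest.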
i hope these suggestions will be as useful to others as they were to me.
my personal solution for our immediate problem is to try as many of the above as
is humanly possible.
THANKS AGAIN!!
Josie Young
young_at_nuc003.psc.sc.edu
------------original query:--------------
hello all,
i hope someone can help me.
i have three boxes on which i need to address security issues. this has not been
done before (at least not in the last 4 yrs and not to my knowledge) and i do
not know where to start. i have searched the web and the archives with no
useable results.
Q: how do i begin to find possible security holes in my systems?
I NEED THE VERY BASICS
the boxes are:
ultrix4.4
decunix3.2c
linux??.? (don't ask, long story)
thank you for any help you can/may give,
josie
Received on Thu Nov 19 1998 - 23:17:54 NZDT