
1 - Generic Things to Look For (Security Patches)


This article is from the Security Patches FAQ, by Christopher Klaus cklaus@iss.net with numerous contributions by others.


* Firewalling is one of the best methods of stopping potential
intruders. Block all UDP traffic except for DNS and nameserver ports.
Block all source routing and rlogin and rsh at the router if possible.

* Run ISS (Internet Security Scanner) regularly. This package lets an
administrator audit the network and reports any security
misconfigurations or anomalies that would let intruders in, so that
corrective measures can be taken before the network is compromised.
It is available on ftp://aql.gatech.edu/pub/security/

* Run Tiger regularly. It is available on net.tamu.edu:/pub/security/TAMU

Password Security

o Use one-time password technology like s/key. This package makes
sniffing passwords useless since the password that goes over the
network is only used once. It is available on
ftp:thumper.bellcore.com:/pub/nmh/skey

o Shadowing passwords is useful against dictionary passwd cracking
attacks.

o Replace passwd with a program that will not allow your users to
pick easy passwords.

o Check for all easy-to-guess passwords with Crack which is
available on ftp://ftp.cert.org/pub/tools/ by Alec Muffett
(alecm@sun.com) .

* Run rpcinfo -p and check that rexd is not running.

* TFTP should be turned off unless needed because it can be used to grab
password files remotely.

* Make sure there is no '+' in /etc/hosts.equiv or any .rhosts.

* Make sure there are no '#' in /etc/hosts.equiv or any .rhosts.

* Make sure there are no funny commands in any .forward.

* Make sure there are no cleartext passwords in any .netrc.

* Do a showmount -e command to see your exports and make sure they are
restricted to only trusted hosts. Make sure all exports have an access
list.

* Use Xauthority when using X11 or openwin.

* You may want to remove the suid bit from rdist, chill, pstat, and arp.
They are known to cause security problems on a generic default machine.

* Run tripwire regularly. It is available on
ftp://coast.cs.purdue.edu/pub/COAST/

* Run COPS regularly. It is available on ftp://ftp.cert.org/pub/tools/

* Run a TCP Wrapper. It is available on
ftp://ftp.win.tue.nl/pub/security/

* Identd may help locate accounts that intruders are using on remote and
local machines. It is on ftp.lysator.liu.se:/pub/ident/servers
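
The hosts.equiv, .rhosts, .forward and .netrc checks from the list above can be scripted. The following is an added example, not part of the original FAQ; it assumes home directories live under /home and /root, and the sample tree it builds is constructed.

```shell
#!/bin/sh
# Added example: flag risky entries in the trust files from the checklist.
# Assumption: home directories are ROOT/home/* and ROOT/root.

# audit_trust_files ROOT -> prints "FINDING: file: reason"; returns 1 if any.
audit_trust_files() {
    root="${1:-}"            # empty ROOT means the live filesystem
    findings=0
    report() { echo "FINDING: $1: $2"; findings=$((findings + 1)); }

    for f in "$root/etc/hosts.equiv" "$root"/home/*/.rhosts "$root/root/.rhosts"; do
        [ -f "$f" ] || continue
        if grep -qF '+' "$f"; then report "$f" "contains '+'"; fi
        if grep -qF '#' "$f"; then report "$f" "contains '#'"; fi
    done
    for f in "$root"/home/*/.forward "$root/root/.forward"; do
        [ -f "$f" ] || continue
        # A '|' at the start of an address pipes incoming mail into a program.
        if grep -Eq '(^|[,[:space:]])"?\|' "$f"; then
            report "$f" "pipes mail to a command"
        fi
    done
    for f in "$root"/home/*/.netrc "$root/root/.netrc"; do
        [ -f "$f" ] || continue
        if grep -Eq '(^|[[:space:]])password([[:space:]]|$)' "$f"; then
            report "$f" "stores a cleartext password"
        fi
    done
    [ "$findings" -eq 0 ]
}

# build_sample_tree DIR: constructed sample files, not taken from a real host.
build_sample_tree() {
    mkdir -p "$1/etc" "$1/home/alice" "$1/home/bob"
    printf '+ +\n' > "$1/etc/hosts.equiv"
    printf 'trusted.example.com alice\n' > "$1/home/alice/.rhosts"
    printf 'alice, "|/usr/local/bin/filter"\n' > "$1/home/alice/.forward"
    printf 'bob@example.com\n' > "$1/home/bob/.forward"
    printf 'machine ftp.example.com login bob password example-secret\n' \
        > "$1/home/bob/.netrc"
}

demo_dir=$(mktemp -d)
build_sample_tree "$demo_dir"
audit_trust_files "$demo_dir" || echo "review the findings above"
rm -rf "$demo_dir"
```

Run as root with no argument, audit_trust_files checks the live filesystem; a non-zero return means at least one file needs review.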

 
