This article is from the comp.security.unix and comp.security.misc FAQ, by Alan J Rosenthal flaps@dgp.toronto.edu with numerous contributions by others.

The number one thing to do is to install all of your vendor's security
patches and to disable unused services (in unix, comment things out of
/etc/inetd.conf, and remove daemon invocations from /etc/rc* (details
depend on OS version)). See some other basic information in
http://www.cert.org/tech_tips/unix_configuration_guidelines.html
Subscribe to the CERT advisory list and to your vendor's security alert list
to stay current in the future.
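
As an added illustration of the inetd.conf step above (this script is not part of the original FAQ), the following lists the services inetd currently offers and writes a copy of the file with everything not on a keep-list commented out. The function names, the sample file contents and the six-field entry layout are assumptions made for the example; check your OS's inetd.conf format first.

```shell
#!/bin/sh
# Added example: disable inetd services that are not on a keep-list.
# Entry format assumed: service socktype proto wait user server [args].

# inetd_active FILE: print the service name of every enabled entry.
inetd_active() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# inetd_disable FILE KEEP...: print FILE with every enabled service
# that is not named in KEEP commented out.
inetd_disable() {
    file=$1; shift
    awk -v keep="$*" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { print; next }   # comments and blanks: unchanged
        ($1 in ok)           { print; next }   # service still needed
                             { print "#" $0 }  # everything else: disabled
    ' "$file"
}

# Constructed sample of an inetd.conf (not taken from a real host).
sample_conf() {
    cat <<'EOF'
# service socktype proto wait user server args
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp  nowait  root    /usr/sbin/in.telnetd  in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
#tftp   dgram   udp  wait    root    /usr/sbin/in.tftpd    in.tftpd
echo    stream  tcp  nowait  root    internal
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
echo "enabled now:" $(inetd_active "$tmp")
inetd_disable "$tmp" ftp > "$tmp.new"      # keep only ftp
diff "$tmp" "$tmp.new" || true             # review the change before installing
rm -f "$tmp" "$tmp.new"
```

After reviewing the output, install it as /etc/inetd.conf and send inetd a SIGHUP so that it rereads the file.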

If you're trying to learn your way around unix and internet security in
general, I suggest you start with a good grasp of unix basics, e.g.
from the Kernighan & Pike book. You'll also want to be strong in C, which
you can begin learning from the Kernighan & Ritchie book. (Of course
there are alternatives to both.)

If you're feeling strong after that and want to go for the details, read
Farmer & Venema's "Improving the Security of Your Site by Breaking Into
It" at http://www.fish.com/security/admin-guide-to-cracking.html, and
the Cheswick & Bellovin firewalls book. For a gentler approach covering
a broader range of security issues, read Spafford & Garfinkel's "Practical
Unix and Internet Security". A more hands-on-oriented book about firewalls
is Chapman & Zwicky.

If you're interested in cryptography, the canonical book is Schneier's
"Applied Cryptography", and you might be interested in RFC 1750.

I've received a recommendation for "Windows NT Security" by Rutstein.

Some URLs with security notes for particular systems (in addition to those
above, and don't forget your vendor's security patch list):

Linux security:
    http://metalab.unc.edu/LDP/HOWTO/Security-HOWTO.html

Irix (out of date but contains notes which are still important):
    ftp://rtfm.mit.edu/pub/faqs/sgi/faq/security

Improve assorted file permissions for Solaris 2.2 through 2.6, changing
the pkg database to match:
    ftp://ftp.fwi.uva.nl/pub/solaris/fix-modes.tar.gz

Solaris security:
    http://www.sunworld.com/common/security-faq.html

Unix versus Windows NT:
    [http://www.unix-vs-nt.org is now a domain squatter; does this page
    have a new home, anyone?]

(Canonical URLs for additional platforms solicited! Non-vendor URLs preferred.)