
Meeting Notes
November 29, 2001
Attendees:
Greg Phillips, Jeff Hardee, Jason Wulf, Peter Lafford, John Babb, Derwin Skipp, Frank Davis, Dale Wutz, Soma Karuppiah, Joan Bahamonde, Mark Peoples, Brian McFarlane, Justin Crawford, James Carvalho, Lois Lehman, Greg Viles, Debi Relf, David Bear, Nina Barr, Carlos Herrera, Karra Lawrence, Chris Coffin, Jim Howard
Announcements:
- Next meeting January 31, 2002
- Progeny Debian went belly-up
- rolling their distro tools into normal Debian
- IBM/RedHat tighter than before
- OpenSSH 3.0.1 out now
- No more telnet on central IT-maintained servers starting January 01, 2002
- Engineering College wants Unix weenies
- RedHat 7.2 out
- Linux ftpd broken
Discussion topics:

Marc Peoples: Best practices manual
- Model the new manual after php.net/manual
- Make the manual interactive
- New site: unug.asu.edu

Dale Wutz: Summary from SANS conference
- Info available on sans.org
- "You can't stop the really bad guys... but you can slow them down"
- Security policies: be positive: More carrot than stick
- Risk analysis
  - What would happen if something did happen?
  - Compare Net risks with real-world risks
  - Crackers will look for the weakest link
- Guard against social engineering
  - Guess passwords
  - Impersonate service personnel
- Physical security
  - At setup
  - Install behind a firewall
    - Firewall dedicated to firewall services only!
    - Types of firewalls
      - port only
      - stateful inspection
  - Lock BIOS
  - Harden the OS (see SANS whitepapers)
    - Turn off unnecessary ports and services *before* hooking up
- Backups/disaster recovery schemes & hardware
  - Test them before you rely on them
- How hard is cracking: see www.clickkiddie.net
- Crypto