Herewith the short version of this document.
Remove all unneccesary services and wrap all those that remain using
TCP Wrappers or xinetd. Get the patches and updates for
your system regularly and apply them.
Use sshd rather than telnetd, and use scp rather than ftpd, if you can. Use an intrusion detection system (like Tripwire). Build yourself a firewall using IP Filter, ipchains or iptables. Run Satan or Saint against your own system. Portscan it and understand what all the open ports are for, and close off the ones you don't need. Run Nessus against your own system. Can it exploit anything? If so, fix it. Run log-tailing software together with automatic IP host blocking. And if you're really serious about security, consider kernel patches like Medusa DS9 which totally revamp the Unix/Linux security model. |
...previous | up (conts) | next... |