Subscribe to security lists, read security-related webpages
and watch for system updates to stay current on security-related
issues. By subscribing to security@cise.ufl.edu you
can receive the CERT, CIAC, COAST, BUGTRAQ and NTBUGTRAQ
lists.
Keep your operating system and necessary services patched
to the current version. In some instances it is not necessary
to upgrade a service because the new version does not contain
security improvements.
Take the principles of Improving
the Security of Your Site by Breaking Into it to
heart. Use common attacks and exploits against your own
system(s) to see how vulnerable they are. If patches
are available, apply them. If patches are not available,
monitor your log files for the type of attack.
Take precautions to make sure users pick good passwords
and that passwords are not sniffed.
STAY CURRENT
Review CERT advisories
and summaries.
Keep informed about the types of attacks
that have recently been reported to the CERT Coordination
Center by staying
current with CERT Summaries
and Advisories
available at:
An easy way to keep informed about new attacks and exploits identified
by CERT is to watch CERT's
What's New page.
Subscribe to BUGTRAQ.
Bugtraq is a full-disclosure UNIX security mailing
list (see the info
file) started by Scott Chasin <chasin@crimelab.com>.
To subscribe to bugtraq, send mail to listserv@netspace.org
containing the message body subscribe bugtraq. The list
is archived by Jennifer Myers <jdm@geek-girl.com>
here.
Watch for new CIAC bulletins. CIAC is
the Computer Incident Advisory Capability, which provides
on-call technical assistance and information to the Department
of Energy sites faced with computer security incidents. They
also provide information to the Internet community on security
problems
they find. Watch their website
for new bulletins discussing exploits and security holes.
PATCH! PATCH! PATCH!
Review patches
and security advisories for your operating system. Periodically look for security-related patches to the
operating system you are using at the vendor's web and/or
ftp sites. Some vendors maintain a listserv to which they
send product advisory and update availability notices.
If your
vendor has this service, subscribe to it to stay updated.
Review necessary services for
patches and upgrades. Keep a listing of current versions of necessary services
you are running (sendmail, bind, pop, imap, etc.) and watch for
upgrades and/or patches which contain security improvements.
ATTACK YOUR SYSTEM
Send a request
to MIS Security for
a security scan.
NERDC network services uses a software package from
Internet Security Systems
(ISS) to scan computer systems for known security holes, configuration
problems and easily guessable passwords. This scan produces a
report of its findings and recommends what to do to secure your
system.
If you are a subnet manager, notify
security@eng.ufl.edu that you want a security scan of your
subnet done. If you are not a subnet manager, notify your subnet
manager and request that they get a security scan done of the
subnet and provide you with the results for your system(s).
Once you receive the results of the security scan, follow
the instructions in the report to correct any security holes.
If there were significant changes to be made, have a follow-up
scan done after you make the changes to see if any new problems
are found.
Use hacker tools on yourself.
Monitor
popular websites which publish exploits and information
on hacking to see if you are vulnerable to any of
the mentioned attacks. These sites include:
Crack your passwords. Periodically check your password file for easily guessable
passwords using available password cracking utilities.
The most
common of these utilities is crack, which is available
on CERT's FTP site here.
Ensure users pick good passwords. If your system passwd command does not
enforce choosing good passwords, then replace it with npasswd, passwd+,
or anlpasswd.
Use shadow passwords. If your operating system has shadow password capability,
you should use it. Under a shadow password system, the /etc/passwd
file does not contain the encrypted passwords. Instead the encrypted
passwords are in a system file which is not world readable.
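One way to check that a host really is shadowed, as an added example that is not part of the original page: audit_passwd lists accounts whose password field still holds a hash or is empty, and world_readable tests the permissions on the shadow file. The function names, the placeholder values "x", "*" and "!", the sample entries and the /etc/shadow path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): find accounts whose password
# field in passwd-format data is not a shadow placeholder.
# Assumption: "x", "*" and values starting with "!" are placeholders or locks;
# check what your own operating system writes in field 2.

audit_passwd() {            # reads passwd-format lines on stdin
    awk -F: '
        NF < 2 || /^[#+-]/ { next }    # blank, comment and NIS compat lines
        $2 == ""           { print "EMPTY " $1; next }    # no password needed
        $2 == "x" || $2 == "*" || $2 ~ /^!/ { next }      # shadowed or locked
                           { print "UNSHADOWED " $1 }     # hash is world readable
    '
}

world_readable() {          # true if "other" has read permission on file $1
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

sample_passwd() {           # constructed sample entries, not real accounts
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/:/sbin/nologin
alice:ab0123456789A:1001:100:Alice:/home/alice:/bin/sh
guest::1002:100:Guest:/home/guest:/bin/sh
+::0:0:::
EOF
}

# Demo on the constructed sample. On a live host run:
#   audit_passwd < /etc/passwd
#   world_readable /etc/shadow && echo "shadow file is world readable"
# (/etc/shadow is an assumed path; the shadow file name varies by system.)
sample_passwd | audit_passwd
```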
Ensure that you are up-to-date
with sendmail and are using smrsh. CERT has documented several sendmail vulnerabilities
which can be exploited by intruders to obtain a copy of the password
file. Go to CERT's
ftp advisory archive and read the following: