SlideShare uma empresa Scribd logo

Iwmw 1998 Server Management (5) Security Implication - Unix

Transferir como PPT, PDF
IWMW
IWMW

Slides for the "Server Management" workshop session on “Security Implication - Unix (5)” (session A3) facilitated by Helen Sargan and Andrew Cormack at the IWMW 1998 event held at Newcastle University on 15-17 September 1998. See http://www.ukoln.ac.uk/web-focus/events/workshops/webmaster-sep1998/materials/

Educação
1 de 7
Institutional Web Management Workshop September 1998 Information Services Security implementation (unix) Andrew Cormack
Institutional Web Management Workshop September 1998 Information Services Disable services • servers may be started by – rc scripts » comment out or rename S# to s# – inetd.conf » comment out or tcp wrap – inittab » comment out – users (deliberate or accidental!) » educate! • use ps and netstat to confirm what is running
Institutional Web Management Workshop September 1998 Information Services Restrict services • TCP wrappers (for inetd) – ensure that hosts.deny file ends ALL:ALL • portmapper replacement • different modes – e.g. sendmail -q • restrictions within server program • proper use of user/group • routers can isolate well-known ports
Institutional Web Management Workshop September 1998 Information Services Keep up to date • modern software – sendmail – web/ftp server • apply OS & software patches • assess security advisories – implement advice – or make reasoned decision not to
Institutional Web Management Workshop September 1998 Information Services Sources of information • newsgroups – comp.security.announce – comp.security.unix (maybe) • mailing lists – bugtraq@netspace.org – most OS have at least one • web sites – http://www.ja.net/CERT/cert.html – http://www.cs.purdue.edu/coast/coast.html – http://ciac.llnl.gov/
Institutional Web Management Workshop September 1998 Information Services Monitoring • log files: syslog, messages etc. – make sure these are usable – e.g. by rolling over nightly • unusual processes or logins • files (e.g. /tmp): tripwire • try to automate checks WITH AUTHORITY • check passwords, idle accounts • satan, mscan & other portscanners
Institutional Web Management Workshop September 1998 Information Services Monitoring • log files: syslog, messages etc. – make sure these are usable – e.g. by rolling over nightly • unusual processes or logins • files (e.g. /tmp): tripwire • try to automate checks WITH AUTHORITY • check passwords, idle accounts • satan, mscan & other portscanners

Recomendados

NetCat - the suiss army knife of network
NetCat - the suiss army knife of networkNetCat - the suiss army knife of network
NetCat - the suiss army knife of network
Mehdi Djoughi
 
NS3 Overview
NS3 OverviewNS3 Overview
NS3 Overview
Rahul Hada
 
Summit 16: OpenStack Tacker - Open Platform for NFV Orchestration
Summit 16: OpenStack Tacker - Open Platform for NFV OrchestrationSummit 16: OpenStack Tacker - Open Platform for NFV Orchestration
Summit 16: OpenStack Tacker - Open Platform for NFV Orchestration
OPNFV
 
Advanced Internet of Things firmware engineering with Thingsquare and Contiki...
Advanced Internet of Things firmware engineering with Thingsquare and Contiki...Advanced Internet of Things firmware engineering with Thingsquare and Contiki...
Advanced Internet of Things firmware engineering with Thingsquare and Contiki...
Adam Dunkels
 
Firewalls and Virtualization - pfSense Hangout June 2014
Firewalls and Virtualization - pfSense Hangout June 2014Firewalls and Virtualization - pfSense Hangout June 2014
Firewalls and Virtualization - pfSense Hangout June 2014
Netgate
 
Tacker - a generic VNF Manager using OpenStack
Tacker - a generic VNF Manager using OpenStackTacker - a generic VNF Manager using OpenStack
Tacker - a generic VNF Manager using OpenStack
Sridhar Ramaswamy
 
VNF components in OpenStack Tacker
VNF components in OpenStack TackerVNF components in OpenStack Tacker
VNF components in OpenStack Tacker
Bharath Thiruveedula
 
The Perfect Linux Security Firewalls
The Perfect Linux Security Firewalls The Perfect Linux Security Firewalls
The Perfect Linux Security Firewalls
david rom
 

Recomendados

NetCat - the suiss army knife of network
NetCat - the suiss army knife of networkNetCat - the suiss army knife of network
NetCat - the suiss army knife of network
Mehdi Djoughi
 
NS3 Overview
NS3 OverviewNS3 Overview
NS3 Overview
Rahul Hada
 
Summit 16: OpenStack Tacker - Open Platform for NFV Orchestration
Summit 16: OpenStack Tacker - Open Platform for NFV OrchestrationSummit 16: OpenStack Tacker - Open Platform for NFV Orchestration
Summit 16: OpenStack Tacker - Open Platform for NFV Orchestration
OPNFV
 
Advanced Internet of Things firmware engineering with Thingsquare and Contiki...
Advanced Internet of Things firmware engineering with Thingsquare and Contiki...Advanced Internet of Things firmware engineering with Thingsquare and Contiki...
Advanced Internet of Things firmware engineering with Thingsquare and Contiki...
Adam Dunkels
 
Firewalls and Virtualization - pfSense Hangout June 2014
Firewalls and Virtualization - pfSense Hangout June 2014Firewalls and Virtualization - pfSense Hangout June 2014
Firewalls and Virtualization - pfSense Hangout June 2014
Netgate
 
Tacker - a generic VNF Manager using OpenStack
Tacker - a generic VNF Manager using OpenStackTacker - a generic VNF Manager using OpenStack
Tacker - a generic VNF Manager using OpenStack
Sridhar Ramaswamy
 
VNF components in OpenStack Tacker
VNF components in OpenStack TackerVNF components in OpenStack Tacker
VNF components in OpenStack Tacker
Bharath Thiruveedula
 
The Perfect Linux Security Firewalls
The Perfect Linux Security Firewalls The Perfect Linux Security Firewalls
The Perfect Linux Security Firewalls
david rom
 
Ns3 implementation wifi
Ns3 implementation wifiNs3 implementation wifi
Ns3 implementation wifi
Salah Amean
 
Contiki Presentation
Contiki PresentationContiki Presentation
Contiki Presentation
Rahul Dhodapkar
 
VPN Overview and IPsec Intro
VPN Overview and IPsec IntroVPN Overview and IPsec Intro
VPN Overview and IPsec Intro
Netgate
 
Contiki OS Research Projects Guidance
Contiki OS Research Projects GuidanceContiki OS Research Projects Guidance
Contiki OS Research Projects Guidance
Network Simulation Tools
 
Network Address Translation - pfSense Hangout July 2014
Network Address Translation - pfSense Hangout July 2014Network Address Translation - pfSense Hangout July 2014
Network Address Translation - pfSense Hangout July 2014
Netgate
 
OpenStack Tacker Liberty Midcycle
OpenStack Tacker Liberty MidcycleOpenStack Tacker Liberty Midcycle
OpenStack Tacker Liberty Midcycle
Sridhar Ramaswamy
 
Enumeration
EnumerationEnumeration
Enumeration
UTD Computer Security Group
 
BoF - Open NFV Orchestration using Tacker
BoF - Open NFV Orchestration using TackerBoF - Open NFV Orchestration using Tacker
BoF - Open NFV Orchestration using Tacker
Sridhar Ramaswamy
 
Deploy TOSCA Network Functions Virtualization (NFV) Workloads in OpenStack
Deploy TOSCA Network Functions Virtualization (NFV) Workloads in OpenStackDeploy TOSCA Network Functions Virtualization (NFV) Workloads in OpenStack
Deploy TOSCA Network Functions Virtualization (NFV) Workloads in OpenStack
Sahdev Zala
 
Firewall and NAT Fundamentals - pfSense Hangout January 2014
Firewall and NAT Fundamentals - pfSense Hangout January 2014Firewall and NAT Fundamentals - pfSense Hangout January 2014
Firewall and NAT Fundamentals - pfSense Hangout January 2014
Netgate
 
OpenContrail, Real Speed: Offloading vRouter
OpenContrail, Real Speed: Offloading vRouterOpenContrail, Real Speed: Offloading vRouter
OpenContrail, Real Speed: Offloading vRouter
Open-NFP
 
Symantec SDN Deployment
Symantec SDN DeploymentSymantec SDN Deployment
Symantec SDN Deployment
Rudrajit Tapadar
 
Flow monitoring explained - From packet capture to data analysis - the use of...
Flow monitoring explained - From packet capture to data analysis - the use of...Flow monitoring explained - From packet capture to data analysis - the use of...
Flow monitoring explained - From packet capture to data analysis - the use of...
Annika Wickert
 
CodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storageCodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storage
Cheyin L
 
PX4 Seminar 01
PX4 Seminar 01PX4 Seminar 01
PX4 Seminar 01
Jungtaek Kim
 
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
OPNFV
 
IPv6 deployment status - Networkshop44
IPv6 deployment status - Networkshop44IPv6 deployment status - Networkshop44
IPv6 deployment status - Networkshop44
Jisc
 
Towards constrained semantic web
Towards constrained semantic webTowards constrained semantic web
Towards constrained semantic web
☕ Remy Rojas
 
Building Complex Topology using NS3
Building Complex Topology using NS3Building Complex Topology using NS3
Building Complex Topology using NS3
Rahul Hada
 
The IPv6-Only Network
The IPv6-Only NetworkThe IPv6-Only Network
The IPv6-Only Network
APNIC
 
Chapter 3 footprinting
Chapter 3 footprintingChapter 3 footprinting
Chapter 3 footprinting
Setia Juli Irzal Ismail
 
network-management Web base.ppt
network-management Web base.pptnetwork-management Web base.ppt
network-management Web base.ppt
AssadLeo1
 

Mais conteúdo relacionado

Mais procurados

CodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storageCodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storage
Cheyin L
 
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
OPNFV
 

Mais procurados (20)

Ns3 implementation wifi
Ns3 implementation wifiNs3 implementation wifi
Ns3 implementation wifi
 
Contiki Presentation
Contiki PresentationContiki Presentation
Contiki Presentation
 
VPN Overview and IPsec Intro
VPN Overview and IPsec IntroVPN Overview and IPsec Intro
VPN Overview and IPsec Intro
 
Contiki OS Research Projects Guidance
Contiki OS Research Projects GuidanceContiki OS Research Projects Guidance
Contiki OS Research Projects Guidance
 
Network Address Translation - pfSense Hangout July 2014
Network Address Translation - pfSense Hangout July 2014Network Address Translation - pfSense Hangout July 2014
Network Address Translation - pfSense Hangout July 2014
 
OpenStack Tacker Liberty Midcycle
OpenStack Tacker Liberty MidcycleOpenStack Tacker Liberty Midcycle
OpenStack Tacker Liberty Midcycle
 
Enumeration
EnumerationEnumeration
Enumeration
 
BoF - Open NFV Orchestration using Tacker
BoF - Open NFV Orchestration using TackerBoF - Open NFV Orchestration using Tacker
BoF - Open NFV Orchestration using Tacker
 
Deploy TOSCA Network Functions Virtualization (NFV) Workloads in OpenStack
Deploy TOSCA Network Functions Virtualization (NFV) Workloads in OpenStackDeploy TOSCA Network Functions Virtualization (NFV) Workloads in OpenStack
Deploy TOSCA Network Functions Virtualization (NFV) Workloads in OpenStack
 
Firewall and NAT Fundamentals - pfSense Hangout January 2014
Firewall and NAT Fundamentals - pfSense Hangout January 2014Firewall and NAT Fundamentals - pfSense Hangout January 2014
Firewall and NAT Fundamentals - pfSense Hangout January 2014
 
OpenContrail, Real Speed: Offloading vRouter
OpenContrail, Real Speed: Offloading vRouterOpenContrail, Real Speed: Offloading vRouter
OpenContrail, Real Speed: Offloading vRouter
 
Symantec SDN Deployment
Symantec SDN DeploymentSymantec SDN Deployment
Symantec SDN Deployment
 
Flow monitoring explained - From packet capture to data analysis - the use of...
Flow monitoring explained - From packet capture to data analysis - the use of...Flow monitoring explained - From packet capture to data analysis - the use of...
Flow monitoring explained - From packet capture to data analysis - the use of...
 
CodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storageCodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storage
 
PX4 Seminar 01
PX4 Seminar 01PX4 Seminar 01
PX4 Seminar 01
 
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
 
IPv6 deployment status - Networkshop44
IPv6 deployment status - Networkshop44IPv6 deployment status - Networkshop44
IPv6 deployment status - Networkshop44
 
Towards constrained semantic web
Towards constrained semantic webTowards constrained semantic web
Towards constrained semantic web
 
Building Complex Topology using NS3
Building Complex Topology using NS3Building Complex Topology using NS3
Building Complex Topology using NS3
 
The IPv6-Only Network
The IPv6-Only NetworkThe IPv6-Only Network
The IPv6-Only Network
 

Semelhante a Iwmw 1998 Server Management (5) Security Implication - Unix

network-management Web base.ppt
network-management Web base.pptnetwork-management Web base.ppt
network-management Web base.ppt
AssadLeo1
 
2010 02 instrumentation_and_runtime_measurement
2010 02 instrumentation_and_runtime_measurement2010 02 instrumentation_and_runtime_measurement
2010 02 instrumentation_and_runtime_measurement
PTIHPA
 
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
ITCamp
 
Apache Street Smarts Presentation (SANS 99)
Apache Street Smarts Presentation (SANS 99)Apache Street Smarts Presentation (SANS 99)
Apache Street Smarts Presentation (SANS 99)
Michael Dobe, Ph.D.
 
Functional Areas of Network Management Configuration Management
Functional Areas of Network Management Configuration ManagementFunctional Areas of Network Management Configuration Management
Functional Areas of Network Management Configuration Management
jeronimored
 
testppt ch01(1)
testppt ch01(1)testppt ch01(1)
testppt ch01(1)
ryaekle
 

Semelhante a Iwmw 1998 Server Management (5) Security Implication - Unix (20)

Chapter 3 footprinting
Chapter 3 footprintingChapter 3 footprinting
Chapter 3 footprinting
 
network-management Web base.ppt
network-management Web base.pptnetwork-management Web base.ppt
network-management Web base.ppt
 
2010 02 instrumentation_and_runtime_measurement
2010 02 instrumentation_and_runtime_measurement2010 02 instrumentation_and_runtime_measurement
2010 02 instrumentation_and_runtime_measurement
 
Chapter 8 Presentaion
Chapter 8 PresentaionChapter 8 Presentaion
Chapter 8 Presentaion
 
Basic network training2
Basic network training2Basic network training2
Basic network training2
 
9781305094352 ppt ch08
9781305094352 ppt ch089781305094352 ppt ch08
9781305094352 ppt ch08
 
Wireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsWireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance tools
 
Building the Internet of Things with Thingsquare and Contiki - day 2 part 1
Building the Internet of Things with Thingsquare and Contiki - day 2 part 1Building the Internet of Things with Thingsquare and Contiki - day 2 part 1
Building the Internet of Things with Thingsquare and Contiki - day 2 part 1
 
SNMP Demystified Part-I
SNMP Demystified Part-ISNMP Demystified Part-I
SNMP Demystified Part-I
 
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
Provisioning Windows instances at scale on Azure, AWS and OpenStack - Adrian ...
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMP
 
Open Programmable Architecture for Java-enabled Network Devices
Open Programmable Architecture for Java-enabled Network DevicesOpen Programmable Architecture for Java-enabled Network Devices
Open Programmable Architecture for Java-enabled Network Devices
 
Irati goals and achievements - 3rd RINA Workshop
Irati goals and achievements - 3rd RINA WorkshopIrati goals and achievements - 3rd RINA Workshop
Irati goals and achievements - 3rd RINA Workshop
 
OSMC 2009 | net-snmp: The forgotten classic by Dr. Michael Schwartzkopff
OSMC 2009 | net-snmp: The forgotten classic by Dr. Michael SchwartzkopffOSMC 2009 | net-snmp: The forgotten classic by Dr. Michael Schwartzkopff
OSMC 2009 | net-snmp: The forgotten classic by Dr. Michael Schwartzkopff
 
RINA overview and ongoing research in EC-funded projects, ISO SC6 WG7
RINA overview and ongoing research in EC-funded projects, ISO SC6 WG7RINA overview and ongoing research in EC-funded projects, ISO SC6 WG7
RINA overview and ongoing research in EC-funded projects, ISO SC6 WG7
 
Apache Street Smarts Presentation (SANS 99)
Apache Street Smarts Presentation (SANS 99)Apache Street Smarts Presentation (SANS 99)
Apache Street Smarts Presentation (SANS 99)
 
Functional Areas of Network Management Configuration Management
Functional Areas of Network Management Configuration ManagementFunctional Areas of Network Management Configuration Management
Functional Areas of Network Management Configuration Management
 
testppt ch01(1)
testppt ch01(1)testppt ch01(1)
testppt ch01(1)
 
Cotopaxi - IoT testing toolkit (Black Hat Asia 2019 Arsenal)
Cotopaxi - IoT testing toolkit (Black Hat Asia 2019 Arsenal)Cotopaxi - IoT testing toolkit (Black Hat Asia 2019 Arsenal)
Cotopaxi - IoT testing toolkit (Black Hat Asia 2019 Arsenal)
 
OpenNMS introduction
OpenNMS introductionOpenNMS introduction
OpenNMS introduction
 

Mais de IWMW

Mais de IWMW (20)

Look who's talking now
Look who's talking nowLook who's talking now
Look who's talking now
 
Introduction to IWMW 2000 (Liz Lyon)
Introduction to IWMW 2000 (Liz Lyon)Introduction to IWMW 2000 (Liz Lyon)
Introduction to IWMW 2000 (Liz Lyon)
 
Web Tools report
Web Tools reportWeb Tools report
Web Tools report
 
Personal Contingency Plan - Beat The Panic
Personal Contingency Plan - Beat The PanicPersonal Contingency Plan - Beat The Panic
Personal Contingency Plan - Beat The Panic
 
Whose site is it anyway?
Whose site is it anyway?Whose site is it anyway?
Whose site is it anyway?
 
Open Source - the case against
Open Source - the case againstOpen Source - the case against
Open Source - the case against
 
IWMW 2002: Avoiding Portal Wars - an MIS view
IWMW 2002: Avoiding Portal Wars - an MIS viewIWMW 2002: Avoiding Portal Wars - an MIS view
IWMW 2002: Avoiding Portal Wars - an MIS view
 
What does open source mean for the institutional web manager?
What does open source mean for the institutional web manager?What does open source mean for the institutional web manager?
What does open source mean for the institutional web manager?
 
Library 2.0
Library 2.0Library 2.0
Library 2.0
 
Social participation in student recruitment
Social participation in student recruitmentSocial participation in student recruitment
Social participation in student recruitment
 
Supporting Institutions in Changing Times: Manifesto
Supporting Institutions in Changing Times: ManifestoSupporting Institutions in Changing Times: Manifesto
Supporting Institutions in Changing Times: Manifesto
 
IWMW 2019 photo scavenger hunt highlights
IWMW 2019 photo scavenger hunt highlightsIWMW 2019 photo scavenger hunt highlights
IWMW 2019 photo scavenger hunt highlights
 
How to Turn a Web Strategy into Web Services
How to Turn a Web Strategy into Web ServicesHow to Turn a Web Strategy into Web Services
How to Turn a Web Strategy into Web Services
 
Static Site Generators - Developing Websites in Low-resource Condition
Static Site Generators - Developing Websites in Low-resource ConditionStatic Site Generators - Developing Websites in Low-resource Condition
Static Site Generators - Developing Websites in Low-resource Condition
 
Looking to the Future
Looking to the FutureLooking to the Future
Looking to the Future
 
Looking to the Future
Looking to the FutureLooking to the Future
Looking to the Future
 
Developing Communities of Practice
Developing Communities of PracticeDeveloping Communities of Practice
Developing Communities of Practice
 
How to train your content- so it doesn't slow you down...
How to train your content- so it doesn't slow you down... How to train your content- so it doesn't slow you down...
How to train your content- so it doesn't slow you down...
 
Grassroots & Guerrillas: The Beginnings of a UX Revolution
Grassroots & Guerrillas: The Beginnings of a UX RevolutionGrassroots & Guerrillas: The Beginnings of a UX Revolution
Grassroots & Guerrillas: The Beginnings of a UX Revolution
 
Connecting Your Content: How to Save Time and Improve Content Quality through...
Connecting Your Content: How to Save Time and Improve Content Quality through...Connecting Your Content: How to Save Time and Improve Content Quality through...
Connecting Your Content: How to Save Time and Improve Content Quality through...
 

Último

Último (20)

Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 

Iwmw 1998 Server Management (5) Security Implication - Unix

  • 1. Institutional Web Management Workshop September 1998 Information Services Security implementation (unix) Andrew Cormack
  • 2. Institutional Web Management Workshop September 1998 Information Services Disable services • servers may be started by – rc scripts » comment out or rename S# to s# – inetd.conf » comment out or tcp wrap – inittab » comment out – users (deliberate or accidental!) » educate! • use ps and netstat to confirm what is running
  • 3. Institutional Web Management Workshop September 1998 Information Services Restrict services • TCP wrappers (for inetd) – ensure that hosts.deny file ends ALL:ALL • portmapper replacement • different modes – e.g. sendmail -q • restrictions within server program • proper use of user/group • routers can isolate well-known ports
  • 4. Institutional Web Management Workshop September 1998 Information Services Keep up to date • modern software – sendmail – web/ftp server • apply OS & software patches • assess security advisories – implement advice – or make reasoned decision not to
  • 5. Institutional Web Management Workshop September 1998 Information Services Sources of information • newsgroups – comp.security.announce – comp.security.unix (maybe) • mailing lists – bugtraq@netspace.org – most OS have at least one • web sites – http://www.ja.net/CERT/cert.html – http://www.cs.purdue.edu/coast/coast.html – http://ciac.llnl.gov/
  • 6. Institutional Web Management Workshop September 1998 Information Services Monitoring • log files: syslog, messages etc. – make sure these are usable – e.g. by rolling over nightly • unusual processes or logins • files (e.g. /tmp): tripwire • try to automate checks WITH AUTHORITY • check passwords, idle accounts • satan, mscan & other portscanners
  • 7. Institutional Web Management Workshop September 1998 Information Services Monitoring • log files: syslog, messages etc. – make sure these are usable – e.g. by rolling over nightly • unusual processes or logins • files (e.g. /tmp): tripwire • try to automate checks WITH AUTHORITY • check passwords, idle accounts • satan, mscan & other portscanners