On Thu, 19 Jul 2001, George Tenney wrote:
> I would be almost willing to do a presentation on security and securing a
> Linux box but I fear that I am not the most knowledgeable person on the
> topic. I know a little and could of course find out more, but I don't know
> if it would be enough to present. On the other hand I have always dreamed
> of wearing an XXL Caldera shirt ;)
Security is one of my specialties although I am still in the learning
stages in regards to the vast topic of Linux security. For a user group
presentation, I'd be glad to help anybody interested in a security
presentation.
One of the most important security tips for Linux, *nix's in general, that
MS product, whatever is "Run only those services you really need!" Many
default installation choices tend to put way too many running services
onto a system. Do you need to be running apache web server or, even more
risky, an anon ftp server?
One handy checker I found is the Shields Up service and its "Probe My
Ports" option available at the Gibson Research Center Web site. (
http://www.grc.com ). Although these tests are geared more towards the
users of a certain quaint OS from a company in Washington state <g>, the
port probe will do a nice test for Linux systems as well.
J.D. Abolins
Meyda Online -- Infosec & Privacy Studies
http://www.meydabbs.com (waiting to be updated when I get the time)
