Basic security recommendations
OS hardening
To protect against misconfiguration-based attacks, install the very good hardening utility Bastille (http://sourceforge.net). Bastille essentially closes all the doors left open in a default installation. Network services access control
Install Wietse Venema’s TCP Wrapper (ftp://ftp.porcupine.org/pub/security/index.html). This is a simple tool, simple to install, simple to configure and simple in operation. It is an access control list for services run under the control of the Internet daemon. IDS
Get the excellent Intrusion Detection Tool Snort (http://www.snort.org/). There are both Linux version and Windows version. It will let you see what kinds of messages are observed by your network card and let you to write your own rules for IDS. It is almost infinitely configurable.
Firewall
Try Shorewall (http://shorewall.net/), a freeware firewall/gateway based on linux iptables/ipchains. You may also try Astaro’s Security Linux (http://astaro.com/), which is a freeware sateful inspection gateway that provides proxy and VPN services. Secure Remote Access
Never try telnet or ftp. Install OpenSSH (http://www.openssh.com/) for remote access tools (there are both Linux and Windows versions).
Penetration Testing After your system is set up, now try to break it. Install Nessus (http://www.nessus.org/). It tests each port to determine what sort of listener is active.
File Integrity Utility
Finally, once your security suite is complete, install the freeware version of Tripwire (check free download from Tucows http://www.tucows.com/preview/51673). Tripwire takes a “snapshot” of a large number of critical binaries on your system, and stores that information encrypted and in an obscure place.
OS hardening
To protect against misconfiguration-based attacks, install the very good hardening utility Bastille (http://sourceforge.net). Bastille essentially closes all the doors left open in a default installation. Network services access control
Install Wietse Venema’s TCP Wrapper (ftp://ftp.porcupine.org/pub/security/index.html). This is a simple tool, simple to install, simple to configure and simple in operation. It is an access control list for services run under the control of the Internet daemon. IDS
Get the excellent Intrusion Detection Tool Snort (http://www.snort.org/). There are both Linux version and Windows version. It will let you see what kinds of messages are observed by your network card and let you to write your own rules for IDS. It is almost infinitely configurable.
Firewall
Try Shorewall (http://shorewall.net/), a freeware firewall/gateway based on linux iptables/ipchains. You may also try Astaro’s Security Linux (http://astaro.com/), which is a freeware sateful inspection gateway that provides proxy and VPN services. Secure Remote Access
Never try telnet or ftp. Install OpenSSH (http://www.openssh.com/) for remote access tools (there are both Linux and Windows versions).
Penetration Testing After your system is set up, now try to break it. Install Nessus (http://www.nessus.org/). It tests each port to determine what sort of listener is active.
File Integrity Utility
Finally, once your security suite is complete, install the freeware version of Tripwire (check free download from Tucows http://www.tucows.com/preview/51673). Tripwire takes a “snapshot” of a large number of critical binaries on your system, and stores that information encrypted and in an obscure place.
