Basic intrusion detection/prevention
Hi All,
I'm getting to grips with administering my new Redhat 7.3 system, and I'd like some advice on securing it. I'd like to get something up and running quickly (and hopefully without too much initial configuration) and then learn more about it and refine it for my needs as I go on. The box will be a web server, for low bandwidth small websites, and no services other than basic http, ftp, ssh (for me only) and mail (and anything else required for a v. basic web serving box) will be required to be accessible from outside. So far, I've found portsentry to be a reasonable option, but this doesn't appear to be maintained any more. Thanks for any advice/info. J
Please see the security forum, first thread for an overview of security aspects.
I've been using portsentry and tripwire for the past 18 months or so and haven't found any need for maintenance of either. Portsentry has blocked several hundred would-be invaders in that time, and the tripwire reports I check daily indicate that nothing has gotten through...
It is crucial to learn that, and understand why, security cannot be measured by the result of one application, will not be covered by solely using a firewall or one application and is not a task automatically performed once a month. Security is an attitude towards the systems you manage and networks in general.
Security is not focussing on the opinion on, rating of or usage of any specific applications: that is just the product of knowing which measures to take based on an assessment of what needs securing. I would like to invite anyone who still thinks security equals a firewall or one application or updating to read the thread I mentioned.
Quote:
To maintain security it's also essential to keep a low public profile (consistent, of course, with one's reason for being on the Internet at all) and to stay up to date on the nature of current threats. I strongly recommend participation in the "Internet Neighborhood Watch" volunteer effort, which is a worldwide network that automatically collects reports of intrusion attempts, probes, and the like, and when correlation of these reports from multiple sites indicates a serious attack, notifies the source ISP of what is happening. More information about it can be found at http://www.mynetwatchman.com/ (but as I post this, I'm getting a 404 from the URL)...
Quote:
I don't want to do a lot of reading, but while I know this isn't a great thing, it's a fact, and I want to get the maximum security from the time I do have to invest. It's worth bearing in mind that many people have 'real life' applications like me, and just want to get a result that, while it is not perfect, is a result that will work, protect against common vulnerabilities, and make an out-of-the-box system more secure than it was before.