LinuxQuestions.org

Linux - Security: LQ REQ: Real newbie HOWTO's, refs, etc etc. (https://www.linuxquestions.org/questions/linux-security-4/lq-req-real-newbie-howtos-refs-etc-etc-62121/)

unSpawn 05-28-2003 07:12 AM

From the sounds of it what we need to produce is a reasonably high-level document that will ease people into a security-conscious mindset; then they can investigate the low level stuff elsewhere.
Well said!

What you offer in the first place is time and a helpful attitude, and I value that more than anything else. As far as the mod group is concerned, I kinda hope we can see this as a mod group effort as well. Hell, it may even pave the way for collaboration on more HOWTO's and whatnot. What I can offer? Well, I know something about security on both sides of the fence and I got a few yrs Linux/GNU experience. My writing skills aren't as good as Kylie's implants are photogenic, but I kinda make up for that with basic project management skills to keep this from ending up in the bitbucket.

Do you want to keep all this discussion in this thread or do you have plans to take it elsewhere?
Heh. I was just asking Jeremy if he would be willing to chip in a temp mailinglist/forum.

I reckon that LQ must be a reasonably good place to get people who would be willing to translate a document if we manage to produce one. Any offers?
Good one!


Please join in, please contribute and help your fellow LQ community members!

tcaptain 05-28-2003 10:53 AM

Reading this thread (btw unSpawn, you are welcome, I just wish I had more to give you) I have to wonder if the topic of Security in Linux (or even windows) is something that CAN be tackled at the "clueless newbie" level (I don't want that to sound like an insult, I mean at the very very very beginner level).

In Windows it is possible to have SOME "one-click" solutions like say...Zone-alarm so it's easy to tell a relative who just got a new PC with a cable connection "Just download and install Zone-alarm" and "Get an anti-virus" and boom, they're on their way...it might not be perfect but it's SOME protection.

In linux tho, I think (I could be wrong, as in all things) that to tackle security when administering a new linux install requires a bit more understanding of the issues...in other words, I'm not sure you can get away with a really simple doc...although trying to write one sure sounds like an interesting challenge....

I'd volunteer but I still consider myself relatively newbie-ish that I might miss some important security points.

unSpawn, a suggestion to you would be...why not get the whole LQ community in on this doc? Ie: Maybe we can all write/contribute to it and then all it'll need is an experienced hand to wrap it all up (GPLd of course lol)

We could have it in this thread or something....like the optimizations thread but maybe more moderated?

unSpawn 05-28-2003 11:19 AM

Thanks for volunteering Tcaptain!

I have to wonder if the topic of Security in Linux (or even windows) is something that CAN be tackled at the "clueless newbie" level
Yes, that is a serious question. And that's why I opted for first discussing the topics we need to cover.

In Windows it is possible to have SOME "one-click" solutions (..) it might not be perfect but it's SOME protection.
Who says we can't have that in Linux? (*if* that is the right approach)

why not get the whole LQ community in on this doc?
Each and every LQ member is invited to join in.
The "problem" with threads IMHO is that if they grow large they get unwieldy, then ppl start to lose focus. But let's see who will join our 'lil quest. I hope it will grow some, then early next week we should be able to decide how to proceed.



busbarn 05-28-2003 11:43 AM

I would like to see a simple explanation of all the security lingo. http://iptables-tutorial.frozentux.n...-tutorial.html is a great iptables tutorial, but the lingo got to be so unbearable for me that I gave up. I have absolutely no knowledge of linux security so I can't help with the writing, but I'd be willing to walk through what was written to see if it was simple enough. :)

unSpawn 05-28-2003 11:53 AM

Thanks busbarn,
but I'd be willing to walk through what was written to see if it was simple enough.
that will be helpful.

but the lingo got to be so unbearable for me that I gave up
Care to share an example?



busbarn 05-28-2003 12:03 PM

http://iptables-tutorial.frozentux.n...VERSINGGENERAL

These tables are good explanations, but it's too much info at once. Since nat and dnat and tos are all new terminology for me, dealing with that and mangling and filtering all at once is sensory overload (especially when I'm trying to learn this after a long day of working with 6th graders!).

http://honors.montana.edu/~jjc/easyt...tut/node2.html is a great tutorial--I really like how it's set up. It gives the info, some examples with explanations, and then an exercise. The ip tutorial has HUGE chunks of stuff before the reader can even practice it. Actually doing something is the best way to learn I think. Is that an okay example?

bastard23 05-28-2003 12:08 PM

On preview, busbarn, it's easy to forget what level of knowledge people have before they try things.

From the sounds of it what we need to produce is a reasonably high-level document that will ease people into a security-conscious mindset; then they can investigate the low level stuff elsewhere.
Well said!

I second that.

You need to have at least a passing understanding of how computers/networks work before you can go off and change things. You'd be running blind otherwise. I mean, if you are editing your PAM files, should you be explaining how pico or vi should be used? Or explain the relationship to the passwd file? I think somewhere between the two would be a good tutorial. There is going to have to be some investment by the newbie before you can walk them through how PAM works, and what it means. And is PAM security, or just sys admin?

If someone starts something, I'll definitely help with the review. Once I wrap my head around the scope and verboseness, I'll give a go at writing a module. I have decent experience and knowledge of Linux/UNIX and am not afraid of learning what I don't. We aren't talking about a tome or anything, right?

Here's what I'm thinking:
1. Simple explanation of security, its complexity, hardness, what is trust? Security is a process, not a product.
1a. Expected level of knowledge (to understand everything, not read.) Links to basic tutorials (shell, editing, sys admin, networking.)
1b. What to do if you don't understand something.
2. Knowing what is running on your system, keeping the system up to date, checking the logs. How to use google to figure out what your logs mean. More of a process, than specifics.
3. An explanation of authentication. Here I'm thinking of explaining passwords (plain text, encrypted, hashed, digests) and such things as public keys. Maybe a very small ssh tutorial. Links to other things such as Kerberos and such.
4. Encryption, maybe before auth? SSL/TLS.
5. An explanation of various services and why they should/shouldn't be exposed to the public. No r services. Firewalling.
Appendix. A walkthrough of locking down a system. Perhaps bastille or something. Not much knowledge needed.

Well, it's my first stab in the dark. I'm missing things. If the explanation doesn't go into too much detail/implementation, it should be newbie enough. Leave the details to the links. A list of links that do go into detail would be nice. Maybe a page or two for each chapter. It seems like someone has already written this (or should have), just need to find it. I think 2 would be the most important, so the reader can jump off from there. (Not that teaching someone to teach themselves is easy) Thoughts?

Would be excellent if, after you get acquainted with Systrace, you were able to post some of your findings.

OT, will do, but I think before I tackle systrace (haven't used it yet,) I'm going to try to write up an ethereal document. It's the way I debug a lot of network problems, and it would be nice to point them at something specific. I'm thinking links to basic networking/Ethernet/TCP/IP docs, explanation of how ethereal works, what it does. Then (for the long part) a couple of walk throughs of various protocols (icmp (just ping), http, dns, arp, telnet, TCP/UDP (with netcat)) and couple of walk throughs of when things go wrong (no link, wrong IP add., no dhcp, no dns). It's just that I've been meaning to write a newbie document on networking and how to solve networking problems (the process of.) It's been firing the neurons, we'll see if it fires up the electrons.

Have fun,
chris

P.S. "simple explanation ... its complexity", I'm diggin' myself a hole here. Or as Einstein said (paraphrasing perhaps) "Make it simple, just not too simple"

jonr 05-28-2003 12:17 PM

Scanning this thread I don't see that anybody's mentioned the "Linux Rute User's Guide," available at

http://www.icon.co.za/~psheer/book/index.html.gz

It seems to me very thorough and clear. I don't know if it fits the "4-year-old" criterion, but it's sure easier to understand than a lot of the texts out there.

This is a very, very worthwhile project. Best of luck. I hope it will lead to enabling me to understand iptables! :-)

tcaptain 05-28-2003 12:24 PM

Quote:

Originally posted by bastard23
You need to have at least a passing understanding of how computers/networks work before you can go off and change things. You'd be running blind otherwise.
Hmmmmm bastard23 just pointed something out that I didn't think of in my earlier post.

Another stumbling block to a "simple" security doc (ie: explain the basic steps and theorize elsewhere) is that in linux, a zillion things can be different on every install...so you can't have a list like this:

1 - push button a
2 - enter X in slot B

etc...simply because each linux install differs from distro to distro (heck, it can differ a LOT WITHIN a distro!!!!).

The only way to get around that is HAVING to explain the fundamentals so that the process and theory are understood enough to let the users figure out the particulars...

(Example from experience, I'm training a newbie in my department, she's a new programmer analyst and is causing me serious headaches because she's so completely hung up on her step by step notes! Basically when I try to show her a process that I do to accomplish whatever...she writes EXACTLY what I do...but I have to tell her that she needs to focus on WHAT is going on rather than the list of steps because unexpected things happen so often...and sure enough, when they do, she's lost because it's not on the list...whereas if she understood the PROCESS or the theory, she'd be able to work around problems....not sure if I'm getting my point across...hope so).

Continuing my example from earlier in Windows...it's easy to do this in windows because one install doesn't really vary from one to the next....whereas in linux, the differences can be quite huge.

unSpawn 05-28-2003 04:27 PM

Busbarn: Yes I think the concept is something we can work with: always follow "theory" with some example (where applicable of course).

Bastard23: You need to have at least a passing understanding of how computers/networks work before you can go off and change things. You'd be running blind otherwise.
I think that is one of the lowest common denominators we can find, but it's good to actually have an idea of what those skills can be.
I think if a basic vi explanation of delete, insert, save doesn't stick, we're doomed.
Thanks for volunteering as well, btw.
I think from your list I would scrap only the detailed stuff like TLS and encryption. I think a reference would do. Remember we gotta make it short 'n sweet. In pages I'm thinking about 10 max.

Jonr: thanks for contributing. I think Rute is definitely a good resource: for referring *to*. If they want/need hex, they can find it there (for instance).

Tcaptain: you're drawing IMHO the right conclusion: we're only touching fundamentals here. The example you gave is something you see the results of everywhere where people aren't comfortable with handling processes they don't master yet. You're right if you're saying that that needs to be one of the (subliminal) messages we need to send: it takes just a little bit of reading and practice.

To you all who volunteered already I hope you view yourself as responsible for this thread, your shared ideas and where it is going. With your input in mind I'd like to start discussing the number of, width and depth of the topics starting next Monday (but if you can't wait: go ahead, BMG).

*If anyone strongly disagrees with anything said in this thread, ideas, approach, whatever else, I invite you to make your voice heard. This is an open discussion and constructive, positive criticism is welcome, just make sure to explain it clearly.


fancypiper 05-28-2003 05:28 PM

:D Uh- I thought it took at least a 6 year old to administer a computer. 4 year old people have no trouble using the mouse, but you have to spell the words for them in order for them to use the keyboard. :rolleyes:

I learned lots of stuff from these:
How To Ask Questions The Smart Way
O'Reilly's Living Linux articles
Doing things in GNU/Linux
The Linux Cookbook
Linuxplanet Tutorials
The NHF's - uh :cry: The Help Files Library

And the usual suspects in my sig.

jonr 05-28-2003 05:42 PM

Quote:

Originally posted by fancypiper
:D Uh- I thought it took at least a 6 year old to administer a computer. 4 year old people have no trouble using the mouse, but you have to spell the words for them in order for them to use the keyboard.
It's probably best to wait till they're six to allow them root access. :)

DavidPhillips 05-28-2003 08:42 PM

One thing that I have seen a movement toward are the GUI programs which newcomers to Linux are wanting to use to set up their firewall or router.

While these may be good for some people they can complicate things in a way by concealing what's actually going on with the firewall rules.

Is this "Security Tutorial" going to support the use of these GUI's, or would it deal directly with rules and what they are meant to accomplish?

Or would it be more general in the way of pointing out a need for certain securities to be in place without actually defining the details ?

I guess eventually it would need to be developed to cover everything, or at least have references to existing howtos for each topic.

Is it also to include physical security matters?

These are merely discussion topics, which need to be discussed, not necessarily to be taken as questions.

markus1982 05-28-2003 11:26 PM

I agree that GUI programs often mess up things and produce errors that wouldn't occur if you would have done everything yourself.


All times are GMT -5.