Home page logo
/

basics logo Security Basics mailing list archives

Re: Secure host newbie
From: Niek <niek () packetstorm nu remove com>
Date: Wed, 31 Mar 2004 10:54:53 +0200

Xilo Musimene wrote:

    Have a look at www.linux-sec.net, but you should pay an expert to
help you. Look for someone who will know how to work close to your budget,
there are guys out there who doesn't know how to work without a big
budget. There are a lot of ways to improve security with low budget, but
hire someone to help you.


I'll give that website a thorough shot!

I'm not going to try becoming an expert in just a few days... But I expect I can become fairly expert in specific topics. Such as firewalls; I beleive this topic is fairly small and could be covered completely within a few days. Then apache, again I beleive just a few days should be enough to read through the entire documentation and searching on the net/mailing lists for possible problems...

I'm going to read as much as possible everyday and slowly I'll put my system up piece by piece as soon as I can consider myself educated enough to set it up securely.

Thanks,
  Simon

Hi Simon,

Don't expect to be an expert on specific topics such as iptables/apache/ect.
The linux 2.4 firewalling, and the apache daemon are both complex entities.
Even tho you can read a lot about them in a few days, I find you need to grow
accustomed to them. Both have a whole lot op options, security settings,
and of course best practices to follow.

Furthermore, I would _NOT_ recommend using any non-commercial Redhat version
on a production machine. As mentioned before, Redhat stopped (will stop) support
for the non-commercial Redhat.
Vanilla Redhat 7.3 is exploitable in many ways. I personally like Slackware,
but any distro that has an eye for security/support/ect will do.

Kind regards,

Niek Baakman




---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]