Re: Hardening against attacks?

[Dallas]

Title: RE: Hardening against attacks?

I currently limit all activity as much as I can anyway however, I work for a company that wants the bells & whistles that Microsoft sold them. When I brought Linux in here they laughed, however we have not had a virus make it to the desktop in 9 months, and Their prized NT 4.0 Enterprise Server has been taken out twice in the same time. It sets out side of the Linux firewalls, behind a Cisco 2600.   I currently use Sendmail/Procmail to forward, scan & content filter all emails into the Exchange Servers. I also utilize Spamhaus.org's Spam block list. I also run NSA's hardened kernel 2.4.19, Snort, iptables and Tripwire. I still get 5-10 different attacks on average per day, most of which are looking for MS Internet Information Server holes. I want to automatically track these people down, so I do not have too.   Thanks for your input.     ----- Original Message ----- From: Cochran Robert L (NO) To: '[EMAIL PROTECTED]' Sent: Tuesday, October 29, 2002 1:24 PM Subject: RE: Hardening against attacks? I agree with Kevin. Securing a network is (very) hard work. Thanks   Robert L. Cochran -----Original Message----- From: Kevin McConnell [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 29, 2002 2:08 PM To: [EMAIL PROTECTED] Subject: Re: Hardening against attacks? --- Dallas <[EMAIL PROTECTED]> wrote: > I am looking for recommendations in hardening RedHat > 8.0 from both virus and attacks, to protect a > network. I currently use (4) Rehat 7.1, based x86 > systems to protect an internal network. > > However, I am tired of finding someone or mostly > servers/pc's that have been taken over without the > owners knowledge attacking us. Or probing for holes. > > I want to find a monitoring software that will > detect an attack, find the source and send an abuse > report & notify me, maybe more. > The problem here is that security and virus prevention is not an event. It is a process, that is long and much work, and continual. There is no magic bullet. No one tool, or one answer. In order to securify and protect against these things, some common sense must be employed. For example, using mail clients that don't allow VBscript to run, such as outlook. ( I picked this one because I notice that you are using it ). Also, sending and receiving HTML mail as opposed to plain text ( I also picked this one for obvious reasons ). This can also drastically reduce problems. Sometimes it's the little things that matter. Sometimes we don't have control over things. Using portscan detection, libwrap options, virus stripping programs, attack fingerprint detection software and everything you can think of... that's protection. Not enough, but it's a start. To really securify and protect, you need protection in layers... multiple layers. Reading is the prevention you need. ===== Kevin C. McConnell --RHCE-- <Red Hat Certified Engineer> __________________________________________________ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ -- Psyche-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/psyche-list