Notes - Security

Assorted security tips, oriented towards Unix-alikes but useful for all systems and networks.

This is written mainly for Unix gurus who are not necessarily security experts. It will probably be too advanced for non-gurus.
This document assumes you already know some basic sysadmin/security terms (like firewall, proxy, IDS, SSH, SSL, daemon, service etc) and assumes you are capable of reading manpages and other documentation and configuring such software yourself.


Obvious things

  • Keep regular backups in multiple places so you can recover your data in the worst case scenario (everything gets compromised/trashed).
  • Change the default passwords on everything - any device, daemon etc. which has a default password should have it changed.
  • Don't run servers/services you don't need to.
  • Don't publish or make publicly available any details of your network (such as machine names and what services they run) any more than necessary.
  • Don't run unencrypted services which take passwords (telnet, ftp, etc).
  • Don't install or run anything from untrusted sources. This includes many games and mods, unfortunately.
  • Don't do your everyday stuff from an admin account - only use admin accounts for admin tasks.
  • Web Security

General system tips

For individual systems. For networks and services, see the entries further down.

These tips are good practice and don't make anything significantly more difficult for users or admins. Many are fairly obvious too. See "Hardening" below for more restrictive security measures for when you really need to trade some convenience for security.

Hardening a machine

These tips improve security but significantly affect usability:

Using untrusted Systems

Just don't.
Never use an untrusted system to log into anything. There is no way to prevent it recording your key or password (see: "Hostile Host Problem").
This includes friends' computers, unless they are also a properly paranoid CS graduate.

Using untrusted Networks

E.g. public wifi, hotel/convention networks etc.

Servers and Services

Local Network

Cheap Security: When you can't afford lots of separate systems

For a home or SOHO network, where you can't afford dedicated servers and hardware.

Hosts on your network you don't manage

Either regular office drones or the roommates with Windows/Mac systems.

Generated Sat, 17 Jan 2015 11:14:49 +1100
Copyright © 2002-2014 Dylan Leigh.