http://qs321.pair.com?node_id=64699


in reply to Stay aware of security

I heartily and wholeheartedly agree.

A friend of mine runs a small ISP and was recently hacked through the recently announced BIND hole and has been trying desperately to clean things up. This has impacted all of his client web sites and caused no end of grief.

It started simply enough; DNS had been shut down. He restarted it, did a bit of research, and concluded that it had been a "white hack," a warning to beef up his security. Within a few days, though, he discovered that the same flaw had been used to compromise the rest of the system and that further mayhem was ensuing.

The relevant bit is that even though I had dutifully forwarded the link as soon as I learned about it (here, actually), he failed to follow through and implement the patches quickly enough. He got side-tracked by other issues and is now paying the price for that.

Security needs more than knowledge, it needs action... regardless of your level of powers on the machine(s) in question.

To begin, start learning how people get into your systems. I heartily recommend Hacking Exposed: Network Security Secrets & Solutions (Second Edition) by Joel Scambray, et al. (Osborne/McGraw-Hill, 10/2000). While it will make the most sense to administrators, it's written in a way that should be accessible to nearly everyone. It not only documents server, OS, and browser vulnerabilities, it describes hacks in varying degrees of detail *and* provides countermeasures.

If you're not into the technical details (though I assume that you are, if you hang out here), you may also find Cliff Stoll's The Cuckoo's Egg an entertaining and (through implication) chilling reason to become interested in the gory details. While the book has received some criticism, the very idea should be enough to make even the most pointy-haired of bosses more than a little nervous.

If you don't have a lot of money, you can still start learning. There are a number of online resources devoted to security, ranging from SecurityFocus to documentation from the other side of the coin. (BTW, if you're using a proxy server that filters content, you may find yourself unable to get to certain sites. Keep digging. Use your personal dialup, if you must. Use care to disable JavaScript and take other basic precautions first.)

Other random measures:

With regard to security, you have to follow Mulder's advice: "Trust No One" (and don't use TRUSTNO1 as a password).

--f  ...and, yes, I'm an X-Phile.

Update: Added a few more bits of random advice.