[BALUG-Talk] Servers and security + Pen-testing(?)

acohen36 acohen36@SDF.ORG
Thu Mar 29 19:22:06 PDT 2018


Kim Davalos <kdavalos@sonic.net> wrote:
>
> Curious about what folks due to harden/secure their servers.
> Specifically I am NOT asking to be told what to do/how to do it.
>
> More interested in hearing about different practices and approaches,
> e.g., firewall management - iptables/nftables vs something like Check
> Point, limiting installed packages to what is necessary, closing unused
> ports, access restrictions, etc.


*Some* of what Michael P previously wrote at much further length regarding 
the above are also mentioned at nixCraft's ''40 Linux Server Hardening 
Security Tips [2017 edition]'', 
https://www.cyberciti.biz/tips/linux-security.html
IMHO, I think that the nixCraft article is less complete but better 
organized than Michael P's extensive prose.

Also, security expert Bruce Schneier has excellent Security writings on 
his ''Schneier on Security'' blog and essays websites; 
https://www.schneier.com/ and https://www.schneier.com/essays/ 
respectively.
AAMOF, I found Schneier's blogpost ''Choosing Secure Passwords'' at 
https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html 
extremely relevant and even _better_ than tips #8 thru #10 at nixCraft's 
''40 Linux Server Hardening Security Tips [2017 edition]''

There are Linux distros specifically designed to Penetration Test 
("pen-test")  how efficient your/one's Server Security setup really is 
after-the-fact.
Two such pen-testing distros I'm distinctly aware of from previous 
discussions at SF-LUG.com are Kali Linux -- https://www.kali.org/ -- and 
The Parrot System -- https://www.parrotsec.org/. Another distro invariably 
mentioned by others is The Amnesic Incognito Linux System a.k.a., TAILS 
(https://tails.boum.org/ ), but I get the distinct impression that TAILS 
(as great as it is) is more for Privacy than it is for Security and 
Pen-testing.

BTW, SF-LUG is having their next live meeting at SF's Cafe Enchante this 
Easter Sunday April 1st, from 11am to 1pm; see 
http://linuxmafia.com/pipermail/sf-lug/2018q1/013112.html

Well, that's my even-briefer two cents.
-A


acohen36@sdf.org
SDF Public Access UNIX System - http://sdf.org



More information about the BALUG-Talk mailing list