[BALUG-Talk] Servers and security + Pen-testing(?)
acohen36
acohen36@SDF.ORG
Thu Mar 29 19:22:06 PDT 2018
Kim Davalos <kdavalos@sonic.net> wrote:
>
> Curious about what folks due to harden/secure their servers.
> Specifically I am NOT asking to be told what to do/how to do it.
>
> More interested in hearing about different practices and approaches,
> e.g., firewall management - iptables/nftables vs something like Check
> Point, limiting installed packages to what is necessary, closing unused
> ports, access restrictions, etc.
*Some* of what Michael P previously wrote at much further length regarding
the above are also mentioned at nixCraft's ''40 Linux Server Hardening
Security Tips [2017 edition]'',
https://www.cyberciti.biz/tips/linux-security.html
IMHO, I think that the nixCraft article is less complete but better
organized than Michael P's extensive prose.
Also, security expert Bruce Schneier has excellent Security writings on
his ''Schneier on Security'' blog and essays websites;
https://www.schneier.com/ and https://www.schneier.com/essays/
respectively.
AAMOF, I found Schneier's blogpost ''Choosing Secure Passwords'' at
https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html
extremely relevant and even _better_ than tips #8 thru #10 at nixCraft's
''40 Linux Server Hardening Security Tips [2017 edition]''
There are Linux distros specifically designed to Penetration Test
("pen-test") how efficient your/one's Server Security setup really is
after-the-fact.
Two such pen-testing distros I'm distinctly aware of from previous
discussions at SF-LUG.com are Kali Linux -- https://www.kali.org/ -- and
The Parrot System -- https://www.parrotsec.org/. Another distro invariably
mentioned by others is The Amnesic Incognito Linux System a.k.a., TAILS
(https://tails.boum.org/ ), but I get the distinct impression that TAILS
(as great as it is) is more for Privacy than it is for Security and
Pen-testing.
BTW, SF-LUG is having their next live meeting at SF's Cafe Enchante this
Easter Sunday April 1st, from 11am to 1pm; see
http://linuxmafia.com/pipermail/sf-lug/2018q1/013112.html
Well, that's my even-briefer two cents.
-A
acohen36@sdf.org
SDF Public Access UNIX System - http://sdf.org
More information about the BALUG-Talk
mailing list