Network Security (10)
Security Policy - II
- do not use world writeable files
- limit unsuccessful logon attempts
- use digital signatures
- install security tools: Tripwire, COPS, TCP wrapper packages
- define the level of acceptable risk
- design the rescue procedure after your system is compromised
- look for tools installed by the intruder (packet sniffers)
- look for trojan horses (modified programs, like login)
- read security news comp.security.announce, comp.security.unix, alt.security, and apply security recommendations (CERT)
- monitor Web and e-mail servers - the most commonly exploited weaknesses