Recommendations (2)

• Security Policy - II

  • do not use world writeable files; limit unsuccessful logon attempts
  • use digital signatures; delete PHF programs
  • install security tools: Tripwire, COPS, TCP wrapper packages
  • define the level of acceptable risk
  • design the rescue procedure after your system is compromised
  • look for tools installed by the intruder (packet sniffers)
  • look for trojan horses (modified programs, like login)
  • read security news comp.security.announce, comp.security.unix, alt.security, and apply security recommendations (CERT)
  • monitor Web and e-mail servers - the most commonly exploited weaknesses

Previous slide

Next slide

Back to first slide

View graphic version