Credits: This site powered by the vi text editor, apache webserver, perl scripting, and Debian linux.

"...Unix is a complex system that requires much thought to implement adequate security measures. The sheer power and elegance that make UNIX so popular are also its greatest security weakness. A myriad of remote and local exploitation techniques may allow attackers to subvert the security of even the most hardened UNIX systems...."
Hacking Exposed (should be cracking)

unix_security - Day 1

Admin

Texas state survey and Roll.

Goals

In this session you will:

use a secure unix distribution
lock down your own machine first
then worry about the network

first things first

Build a security model

what kind of services or data do you have to protect?
what is the threat model (current emp, past emp, digital terror, cracker, defacement)?
what are your resources?

start off on the right foot

Consider starting off with a hardened distribution:

SecureBSD
OpenBSD

physically secure the machine

know who has keys.
keycards
floors/ceilings
power supply
protect cabling from people, mice
neat cabling makes taps more obvious
wireless!

data preservation: backups, firesafes, offsite storage

data destruction: crush, burn, shred See notes below on install/upgrade authentication.

user accounts

keep track of what you've already got
delete unused accounts (sideline, archive, delete)
ensure no shared logins
- workgroups
- sudo
keep your users informed: motd, email, setting expectations
non-repetition of UID/GIDs

Homework

Non-technical PGP FAQ

http://www.mousetrap.net/syllabus/unix_security/day1.html
$Id: day1.orb,v 1.4 2002/04/03 00:35:39 mouse Exp $

Remember, your login is based on your machine's hostname, not on any other number.
~/[initials] refers to the subdirectory under your homedir, named after your initials. Everything except for .dotfiles will be stored in your ~/[initials] directory.