In article <Bu6tvF.881 at usenet.ucs.indiana.edu> gilbertd at sunflower.bio.indiana.edu (Don Gilbert) writes:
>For those of you who manage Unix or VMS systems, I strongly
>recommend that you read thru the CERT advisories that apply to
>your systems, including their general advisories on Internet
>intruders, if you haven't done so recently. If you have an
>Internet-connected computer, the only way to insure it isn't
>broken into by bad people is to be vigilant on security.
All excellent advice. To some extent, being vigilant is not
sufficient. Some training (formal or otherwise) and keeping
up with the state of the art in computer security is required.
Some people actually make a full time job of it. What you suggest
is a step in the right direction [and more than most do], but if
you have an internet system which you mean to keep reasonably
secure, you will either have to invest a lot of time, or some
money to pay someone who will. My brother-in-law used to spend
hours trying to keep squirrels out of the bird-feeders, and always
failed. He contends that while he is smarter than the squirrels,
they had more motivation and time. In this case there are a lot
of squirrels, some are smarter than you, and they also have
a lot of time and some bizarre form of motivation.
For those unwilling to dedicate their lives or grant funds
to computer security, I'd also suggest they read the guides
to system security that come with the VMS and better Unix systems.
These document features which will help secure your system, if
used properly. Many security holes are simply not setting up
your system properly, and will rarely be found in CERT advisories.
There are some excellent books on the topic in general (though these
obviously cannot address the latest specific SunOS hole), and
some newsgroups (comp.security.announce, comp.security.misc, alt.security,
and alt.security.index) which tend to have a very low signal to noise ratio.
There are also some FAQ sheets for at least one of these groups which
may serve to concentrate some of the information, and eliminate a lot
of the noise.
Also be aware that some vendors (obviously not SwisscheeseOS) are
rather circumspect about exposing holes via CERT on the theory that
they are telling everyone how to break into all the systems of people
who don't get the CERT advisory. Particularly if you don't have
a software update contract with the vendor, you should make sure you
are hooked into their security advisory system.
stodola at fccc.edu -- Robert K. Stodola (occasionally) speaks for himself.