View Single Post
Old 16th May 2008
cajunman4life cajunman4life is offline
Real Name: Aaron Graves
Package Pilot
 
Join Date: May 2008
Location: Coolidge, Arizona
Posts: 203
Default

Quote:
Originally Posted by coppermine View Post
Quite vast topic. It's better to define some more pronounced direction for discussion, but the presence of this thread is good by itself.

My strategies are:
1) really strong passwords. At least 10 chars with big and small letters + numbers. Any user who actively refuses to obey this, is excluded being possible to login from outside
2) read or at least quickly skim the logs every day
3) before installing any service, I make sure that I really need this. It is worth to put services in DMZs if you have enough free boxes. Good network design to say...
4) frequently make and check the checksums with aide.
5) use sshguard to get rid of ssh login attempts
6) setup firewall with tested enough ruleset
7) whenever I see portaudit complaining about installed package security - I take the time to install it
8) if there are FreeBSD vulnerabilities published - I devote more time and inform the users about planned works.
9) and... the more important changes I am planning to do, I devote even more time to prepare and explore the consequences
10) finally, I use the handwritten journal about any more or less changes done to boxes either in hardware or in software world. It may be boring, but this book-keeping saved me more time in troubleshooting afterwards.
All very good. As far as a "journal," I've started updating a wiki on the intranet. It may be a bit overkill, but it works.
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident!
Reply With Quote