IT Security Cookbook Now Available
LinuxSecurity.com, the community's center for security, has made available the resources within the IT Security Cookbook to its users and provided Boran Consulting with a new home, as well as email and DNS services.
"I was already a pretty frequent visitor to LinuxSecurity.com," writes Sean, "so it seemed quite a natural place to host the cookbook, when the idea was proposed."
LinuxSecurity.com: Why is it important for IT professionals to read your cookbook?
Sean Boran: Because it starts at the top (policies) and goes all the way down to technical recommendations.
LinuxSecurity.com: What is the intended audience?
Sean Boran: Well, there's a general policy/classification section that is probably of interest to a large audience, whereas the technical chapters on UNIX and Windows are useful to administrators of these systems. More precisely:
- Line managers (Chapters 1-4, 6).
- Computer Users (Chapters 1, 2, 6.2 User Policy)
- System administrators, Security administrators: Chapters 7-22
- Technical Project leaders: Chapters 1-7, 15.
LinuxSecurity.com: Why did you write the cookbook in the first place?
Sean Boran: I didn't see anything similar on the net at the time (back in 1995/6). There were a few documents here and there, but little that pulled the various security issues together. I also wanted to make my contribution to the Internet, instead of "just taking" ...
For example, I use lots of free software developed by others; this was my way of "doing my bit". Security was a pretty closed affair a few years back, before SANS and all the new portals such as LinuxSecurity.com. I wanted to share ideas and allow peer review of my ideas.
LinuxSecurity.com: How long has it taken to write?
Sean Boran: About 1 year, with many additions/corrections over the last 5 years. Mind you, like much "software", it's probably due a rewrite!
LinuxSecurity.com: What does Boran Consulting do?
Sean Boran: We provide IT Security and Operations services to our customers. The exact focus depends on the environment and customer needs. Last year we did a lot of work on intrusion detection systems and audits; a few years back the focus was more on education, policy, strategies and concepts. Over the last two years many articles were written for SecurityPortal until its demise last summer. These articles allowed me to better document and generalise tools and ideas I was using in the consulting practice.
LinuxSecurity.com: What are your future plans for the reference?
Sean Boran: I've been working on a series of accompanying articles on Solaris hardening, ssh and Linux. These are not yet integrated into the book, but can be reached at Sean Boran's Published Articles. I really need to review and review the book entirely, especially the techie chapters, but am having trouble finding the time.
LinuxSecurity.com: What are some of the major pitfalls Linux administrators fall into?
- Using default settings (though the vendors are improving a lot here)
- Installing too much software
- Not monitoring logs
- Don't have policy, or have never really analysed the risk: they may be concentrating in the wrong area.
LinuxSecurity.com: How can your reference solve these problems?
Sean Boran: Many Linux users are techies and have a pretty good grasp of the technical issues of security, and sites like LinuxSecurity can keep them up to date. But a crash course on Policies and Risk management would do no harm. This book crosses many boundaries, from policy to security management to firewalls, from penetration testing to securing NFS to using encryption.
LinuxSecurity.com: What do you feel is the most common Linux vulnerability? What can be done to prevent it?
Sean Boran: The buffer overflow. Measures:
- Only install what you really need.
- Watch the logs of any active network daemons carefully, and chroot 'em if you can, don't run them as root if possible.
- Only let people access your system who really need to.
- Set up a regular patching schedule
- Pray that SW will get better...
LinuxSecurity.com: Do you believe the open source nature of Linux provides a superior vehicle to making security vulnerabilities easier to spot and fix?
Sean Boran: In the long run, yes, but it's been painful. The basic problem is that 99% of people USE open source, but only 1% or so have to do all the work and write the stuff. I'm convinced that it's a good thing and we should all do our bit to support open source. I'd especially like to see large corporations committing programmers to key OpenSource projects.
LinuxSecurity.com: Sean, thanks for taking a minute to speak with us today.