Steps to take to improve your network's security

We are all in this together. So, we are sending the message of prevention through training, education, cooperating, and partnering.

Ken Geide, 2nd in command at the FBI's National Infrastructure Protection Center (NPIC)

• Make sure you have good backups!!! - how will you recover?
• Be ready to respond to security incidents
• Begin using encrypted terminal sessions now, e.g., use ssh between your systems and to/from UCS systems - Kerberos is coming, too
• Increase awareness of password weaknesses and safe(r) use of passwords
• Try to know about and deal with weaknesses before you put workstation on the Internet
• Turn off all unneeded TCP/IP services and/or use RIIS (Replacement for Internal Internet Services)
• Keep up to date on security problems
  (e.g., Microsoft SMB holes, Internet Information Server .BAT hole, NTFSDOS)
• If you must share files with Windows PCs, use pcnfsd or SMB servers
  (these provide authentication)
• Understand how the X Window System works and how to safely use it
• Follow other steps in the Unix System Security Checklist
• Develop appropriate use policies and enforcement mechanisms
  
  • The Electronic Freedom Foundation has:
    • Sample computer policies (with many critiques)
    • FAQs on which policies are best and
    • Information on creating a policy
  • guidelines on procedures, policies, and incident handling can also be found in RFC 2196 - Site Security Handbook
• Consider centralizing logs, scanning them, and producing hardcopy of some information (which can't be erased)
• Consider isolating sensitive network segments with bridges/hubs and/or use ethernet switches
• Firewalls are also an option

[End] | [Prev]