Most needed defenses

The CERT Coordination Center (CERT/CC) periodically produces summaries of attack activity around the Internet, and maintains a weekly update of current activity. You should check these pages frequently to make sure you are patched against the most current holes being exploited on the Internet, plus all known holes going back over time (as these holes will continue to be exploited by intruders for years).

Unix System Security Checklist

The following is a partial checklist of actions that can be taken to improve security of your Unix system. This list is neither complete, nor can all of the steps be taken on a given system.

It is not sufficient to just go through this list once, as many of these things will change over time. You should periodically "audit" your network, or install tools that will automatically monitor some aspects of system security and notify you of anything that is discovered. Even then, there is still the potential for successful attacks (through modems or any network or terminal connections). You should never consider your systems 99.999% safe unless there is no way to get in besides the keyboard at the console (to be 100% safe, you must also remove the power supply!)

Other resources

The items on the above list were derived from various sources, including books on Unix security referenced in the course notes for R870: Unix System Administration, RFC 2196 - Site Security Handbook, and the SRI International white paper "Improving the Security of Your Unix System" (here is the cover page for this white paper).

AUSCERT has a very detailed security checklist you may wish to also read.

Also see the Defense Information Infrastructure (DII) Common Operating Environment (COE) Information Security (INFOSEC) checklist. [Personally, I don't think it includes enough acronyms.]

Internet Security Systems, Inc. maintains a list of security-related FAQs.

You should also visit the CERT web site. There you will find such gems as:

University of Washington system administrators can always send email to for questions and assistance with anything mentioned in this article.

since 03/22/96
Dave Dittrich
Last modified: Tue Jan 8 15:03:49 PST 2002