Always know exactly what ports you have open. Dont let any attachments in.
Have DMZ's.
Pay attention to bugtraq and errata postings.
Nmap every once in a while.
Only have two ssh's open to get in and have the IPs defined in hosts.allow.
ALWAYS upgrade when security bugs are fixed.
Have snort on the main DMZ in a promiscuous switch port, get some nice looking reports going.
Pay attention to bandwidth useage ( cricket ).
Add a dash of portsentry+tcpwrappers.
Dont act macho and send nasty letters to people who try to get in.
Maybe, dont return pings ( tcp-reset ) or portscans.
Bind 9 with zones.
Check all logs all the time (3 times a week).
KISS = keep it simple stupid.
Dont hire lazy admins.
Try out all new security related programs.
I SHOULD be sending most all logs to a central host.
Make sure MS admins dont totally let their guard down.
*pant*pant*. ummmmm, thats about it for now.
Oh and dont enable web crap on routers etc (more ports open).
ssh for everything.
shut down telnet.
https for everything.
Try to protect email, imap, pop (plaintext over the network).
Read the "security section of all apps you install and try to KISS
ummmmmmmm, thats about it for me.
everyone already knows this but im just throwing in my 2 cents:-)
I would like to know (Other that what distro they use) what Google uses to efficiently spread apache of mysql or whatever over alot of Linux Servers, is it automated? (NIS, NFS???)
Well I have the first sun7 test.
Learned Linux on my own.
Suffered during carrer change.
Picked up entry level job.
Got another entry level job (with better future prospects) through a friend.
2 years pass.
Directly responsible for (Admin) 8 webservers and 3 email servers and *god help me* moving a pretty big production server room across town
Sr Admin doesnt document a thing and has awful communication skills. *VENT* Im pretty damn lucky to be working now where I am.
Slashdot Mirror
dont waste even 3 minutes reading that article. I love e-week btw. heres the article people want virtualization support in the kernel.
This really makes me sick to my stomach. I HATE Hollywood. Well off to eMule to get some good documentaries.
Dont let any attachments in.
Have DMZ's.
Pay attention to bugtraq and errata postings.
Nmap every once in a while.
Only have two ssh's open to get in and have the IPs defined in hosts.allow.
ALWAYS upgrade when security bugs are fixed.
Have snort on the main DMZ in a promiscuous switch port, get some nice looking reports going.
Pay attention to bandwidth useage ( cricket ).
Add a dash of portsentry+tcpwrappers.
Dont act macho and send nasty letters to people who try to get in.
Maybe, dont return pings ( tcp-reset ) or portscans.
Bind 9 with zones.
Check all logs all the time (3 times a week).
KISS = keep it simple stupid.
Dont hire lazy admins.
Try out all new security related programs.
I SHOULD be sending most all logs to a central host.
Make sure MS admins dont totally let their guard down.
*pant*pant*. ummmmm, thats about it for now.
Oh and dont enable web crap on routers etc (more ports open).
ssh for everything.
shut down telnet.
https for everything.
Try to protect email, imap, pop (plaintext over the network).
Read the "security section of all apps you install and try to KISS
ummmmmmmm, thats about it for me.
everyone already knows this but im just throwing in my 2 cents :-)
I would like to know (Other that what distro they use) what Google uses to efficiently spread apache of mysql or whatever over alot of Linux Servers, is it automated? (NIS, NFS???)
Well I have the first sun7 test.
Learned Linux on my own.
Suffered during carrer change.
Picked up entry level job.
Got another entry level job (with better future prospects) through a friend.
2 years pass.
Directly responsible for (Admin) 8 webservers and 3 email servers and *god help me* moving a pretty big production server room across town
Sr Admin doesnt document a thing and has awful communication skills. *VENT*
Im pretty damn lucky to be working now where I am.