Internet Server Security

Schedule



September 10 Introduction

Class notes
UNIX as Literature
UNIX as an Element of Literacy
Open Source and Security, Diffie
Open Source and Security, Schneier
Full Disclosure
UNIX File System Hierarchy Standard, explains where files live on a UNIX system
500,000 UNIX Tutorials, learn some basic UNIX commands, or just suffer
GNU/Linux Security Checklist
Internet Networking Concepts, short and sweet basic networking and TCP/IP networking explained
September 17
Decide on your services, determine what to install
Limiting services
Implement a backup and disaster recovery strategy, test it.
Backup 1
Backup 2
Install software updates
Software updates
Check for unused suid binaries to remove
Check for suid scripts
Disable remote root logins.
Remote root / Wheel
Enable the wheel group
Remote root / Wheel
Make sure shadow files are in use, set up password policies
Shadow files
Configure PAM
PAM
Set user policies, core dump size, memory usage, etc.
Core dumps
Check the rc startup scripts
rc scripts
/etc/inetd.conf
Inetd
Set up the TCP wrappers, tcpd
Consider tcpserver or xinetd
UCSPI / Xinetd
September 24
Basics II
Configure standalone daemons with libwrap library
Libwrap
Configure network packet filtering
Linux Packet Filtering Documentation, here is the iptables and ipchains documentation straight from the author
IBM's introduction to Netfilter/IPtables
Check configuration of system logging with syslogd

Install a tripwire or two
Sample AIDE configuration file
Sample AIDE output
AIDE MAN page
AIDE config file MAN page
Tripwire MAN page from RedHat 7.3
Sample Tripwire policy file from RedHat 7.3, this is from a default install
Create a schedule for applying patches.

Document your setup and procedures for reference
Server documentation
Physical security

rpm -V
About RPM
Defense in depth
A defense in depth example
sudo

Packages to avoid

password cracking

Log analysis

October 1
FTP
Article on FTP PORT and PASV modes
Article on secure FTP products
RFC for FTP security add-ons
IETF draft of FTP SSL
VSFTPD homepage
PROFTPD homepage
Web
Apache basic security practices
Cross Site Scripting Article
Another article on XSS from IBM
Article on cracking MS Passport using XSS
Article on writing secure PHP applications
A very good guide to building secure web applications
Email
Qmail homepage
Postfix homepage
Qmail patch for authenticated SMTP over SSL
Sniffing
UW article on password sniffing
dsniff's homepage
Encryption
encryption lecture
BSD and Linux MD5 password algorithm
Atlantic Monthly on public key encryption
A mathematical treatment of public key
Netscape on SSL
Netscape on public key
Abe on encrypted file systems
Better info on encrypted file systems
Password recovery tools
An introduction to using GPG
October 8
Intrusion Detection
ids lecture
Linux intrusion detection system
Snort network intrusion detection
Portsentry
HostSentry can also be found at psionic.com
ACID arp watching tool
Chkrootkit script
Spoofing

Man-in-the-Middle
Hunt README
Hunt session watching, hijacking tool
October 15
Root Kits
Old original kernel based rootkit, Knark
Another is called Adore
SuckIT kernel rootkit
Auditing
COAST's large variety of auditing tools and more
Nessus ... local download
NMAP's homepage
CIAC utilities
The Security Auditor's Research Assistant
Kernel
A kernel module to protect against hackers
PatchFinder
October 22
Buffer Overflows
Buffer overflows
Stack Smashing Collection
Secure Programming HOWTO
Heap Overflows Classic
Windows buffer overflows
Linus on "Why no executable stack patch?"
Libsafe project
Stackguard project
Source code scanners
Buffer Overflow Lecture, exercises
Denial of Service
Syncookies defense against SYN floods
October 29
Post Mortem

November 5
Honey Pots
What are honeypots?
Honeyd
Linux exec patch
Deception Toolkit
Bigeye

Tar Pits
LaBrea
November 12
FreeBSD / OpenBSD by Randy Smith

November 19
Security Policies

Law

Notable Exploits
Ken Thompson C Compiler Backdoor
The Great Internet Worm
Exit Exam