
Re: Security and Testing



On Thursday, 17.03.2005 at 13:37 +0000, Graham Smith wrote:

> [...]
> 
> Perhaps I was a little flippant saying it was horribly out of date. I
> started off with woody but I use my main server box for more than just
> Apache and SSH (funds don't allow for two boxes at present) and
> getting backports of all the other stuff it runs would be a major
> hassle.
> 
> Thanks for the information. Do you have any other good security tips?

Pay special attention to the services you are exposing to the public.
Minimize these and minimize the features available within them.

If you're exposing SSH to the world, it doesn't hurt to run it on a
non-standard port (this *is* 'security by obscurity', but it's simply
another layer), only allow public-key authentication rather than
passworded logins etc.

If you are running anything dynamic on your web site, which accepts
random input, secure these scripts/apps.  I've heard many people say
"I'm only running Apache", but what they really mean is they're running
Apache, phpBB, php-something-else, various custom CGI scripts ...  These
all need to take care to sanitize input.

Dave.
-- 
Please don't CC me on list messages!
...
Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
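
An added example, not part of the message above: a small auditor that checks an sshd_config for the SSH settings suggested in the message (non-standard port, key-only logins). The sample configs, port 2222 and the function names are constructed for illustration, and the defaults table assumes upstream OpenSSH behaviour.

```python
import re

# Upstream OpenSSH defaults for the keywords checked (assumed; distro packages may differ).
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}  # older name

def effective_settings(config_text):
    """Return (settings, ports) for the global section of an sshd_config."""
    settings, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = parts[0].lower()                         # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break  # Match blocks are conditional overrides; audit the global part only
        key = ALIASES.get(key, key)
        if key == "port":
            ports.append(int(value))  # Port may repeat; sshd listens on every one
        else:
            settings.setdefault(key, value.lower())  # first value obtained wins
    for key, default in DEFAULTS.items():
        settings.setdefault(key, default)
    return settings, ports or [22]

def audit(config_text):
    settings, ports = effective_settings(config_text)
    findings = []
    if settings["pubkeyauthentication"] != "yes":
        findings.append("public-key authentication is disabled")
    if settings["passwordauthentication"] != "no":
        findings.append("password logins are allowed")
    if settings["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive logins (often PAM passwords) are allowed")
    if 22 in ports:
        findings.append("listening on the standard port 22")
    return findings

# Constructed samples. In WEAK the later "PasswordAuthentication no" never takes effect.
WEAK = "Port 22\nPasswordAuthentication yes\nPasswordAuthentication no\n"
HARDENED = ("Port 2222\nPubkeyAuthentication yes\nPasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\n")

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "ok")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; this parser only reads the global section of the text it is given.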
