Re: making Debian secure by default

[Hans <hans.ullrich@loop.de>]

Hello,
personally I think, the best way is to plan, what you want to do with your 
system. What is its task. How secure it shall be.

And then just think of: What can happen? For example: Can someone boot wirt an 
external medium? Do more than one people got admin rights? How do people 
access? Can the server be stolen? And so on.

Make a list, do brainsorming with other people. Learn from other hacks.

And then act for every point you made. Think, how can this and this and this 
attack be inhibited, how can it be noticed and is there an alarm and so on.

For my personal experience, I never saw an attack in the past, which was not 
prepared. Before are runninng portscans or simple bruteforce attacks.

Here I am talking of activists and script kiddies, not APT's. APT's are much 
more difficult to defend and to discover, they can, but very, very difficult.

A good point to start is the doc "securing debian", and then, after you did 
this, think of, what you have forgotten and what did the docu not tell.

IT-Security is no software, it is a process, and you will have to learn for 
years, which is normal. The attackers learn, the defenders, too.

There is no straight, golden way, every server is different, and so are its 
defence. As I said, its a concept, and this can change during the years.

Hope this helps a little bit.

Best regards

Hans