Re: making Debian secure by default
Hello,
personally I think the best way is to plan what you want to do with your
system. What is its task? How secure shall it be?
And then just think of: What can happen? For example: Can someone boot with an
external medium? Does more than one person have admin rights? How do people
access? Can the server be stolen? And so on.
Make a list, do brainstorming with other people. Learn from other hacks.
And then act on every point you made. Think: how can this and this and this
attack be inhibited, how can it be noticed, is there an alarm, and so on.
From my personal experience, I never saw an attack in the past which was not
prepared. Beforehand, portscans or simple bruteforce attacks are running.
Here I am talking of activists and script kiddies, not APTs. APTs are much
more difficult to defend and to discover, they can, but very, very difficult.
A good point to start is the doc "securing debian", and then, after you did
this, think of what you have forgotten and what the docu did not tell.
IT-Security is no software, it is a process, and you will have to learn for
years, which is normal. The attackers learn, the defenders, too.
There is no straight, golden way, every server is different, and so is its
defence. As I said, it's a concept, and this can change during the years.
Hope this helps a little bit.
Best regards
Hans