Network intrusion detection is handled by a system that sees all the traffic that passes the firewall (not by portscanners, which only report which ports are usable). Snort is an Open Source example of such a program.
Whitehats.com features an open intrusion detection database, arachNIDS.
10.5.6. More tips
Some general things you should keep in mind:
• Do not allow root logins. UNIX developers came up with the su command over two decades ago for extra security.
• Direct root access is always dangerous and susceptible to human errors, be it by allowing root login or by using the su - command. Rather than using su, it is even better to use sudo to only execute the command that you need extra permissions for, and to return afterwards to your own environment.
• Take passwords seriously. Use shadow passwords. Change your passwords regularly.
• Try to always use SSH or SSL. Avoid telnet, FTP and E-mail clients and other client programs which send unencrypted passwords over the network. Security is not only about securing your computer, it is also about securing your passwords.
• Limit resources using quota and/or ulimit.
• The mail for root should be delivered to, or at least read by, an actual person.
• The SANS institute has more tips and tricks, sorted per distribution, with mailing list service.
• Check the origin of new software, get it from a trusted place/site. Verify new packages before installing.
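
One way to check the "no root logins" and "shadow passwords" tips on an existing system, as an added example that is not part of the original guide. It assumes remote root login is controlled by OpenSSH's PermitRootLogin option; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the "no root logins" and "shadow passwords" tips.
# Paths are arguments so the checks can run on copies of the real files.

# Accounts in a passwd-format file whose 2nd field is not "x" (hash kept in
# the shadow file) or "*" (no password login): a hash or empty password
# is stored in the world-readable file.
unshadowed_accounts() {
    awk -F: '$2 != "x" && $2 != "*" { print $1 }' "$1"
}

# PermitRootLogin as sshd reads it from one file: keywords are
# case-insensitive and the first occurrence wins. Assumption: plain
# "keyword value" lines; Include files and Match blocks are not evaluated.
root_login_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Print one finding per line for the two files given.
audit() {
    for u in $(unshadowed_accounts "$1"); do
        echo "passwd: account '$u' keeps its password field outside the shadow file"
    done
    setting=$(root_login_setting "$2")
    [ "$setting" = "no" ] || echo "sshd: PermitRootLogin is '$setting', expected 'no'"
    return 0
}

# Constructed sample files (not taken from a real system).
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
legacy:$1$constructed$notarealhash:1001:1001::/home/legacy:/bin/sh
guest::1002:1002::/home/guest:/bin/sh
EOF
cat > "$demo/sshd_config" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
EOF

audit "$demo/passwd" "$demo/sshd_config"
```

On the sample files this reports three findings: the two accounts with a password field outside the shadow file, and the root login setting, where the commented-out line is ignored and the first active line overrides the later one.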