What general security precautions should I take?
Computing Security,Information Security, NT security, Web Security and Network Security Questions and Answers
(Continued from previous question...)
What general security precautions should I take?
If you are a Webmaster, system administrator, or are otherwise involved with the administration of a network, the single most important step you can take to increase your site's security is to create a written security policy. This security policy should succinctly lay out your organization's policies with regard to:
* who is allowed to use the system
* when they are allowed to use it
* what they are allowed to do (different groups may be granted different levels of access)
* procedures for granting access to the system
* procedures for revoking access (e.g. when an employee leaves)
* what constitutes acceptable use of the system
* remote and local login methods
* system monitoring procedures
* protocols for responding to suspected security breaches
This policy need not be anything fancy. It need only be a succinct summary of how the information system work, reflecting your organization's technological and political realities. There are several benefits to having a written security policy:
1. You yourself will understand what is and is not permitted on the system. If you don't have a clear picture of what is permitted, you can never be sure when a violation has occurred.
2. Others in your organization will understand what the security policy is. The written policy raises the level of security consciousness, and provides a focal point for discussion.
3. The security policy serves as a requirements document against which technical solutions can be judged. This helps guard against the "buy first, ask questions later" syndrome.
4. The policy may help bolster your legal case should you ever need to prosecute for a security violation.
More suggestions for formulating a security policy can be found in the general Internet security reference works listed at the end of this document.
For Web servers running on Unix and NT systems, here are some general security precautions to take:
1. Limit the number of login accounts available on the machine. Delete inactive users.
2. Make sure that people with login privileges choose good passwords. The Crack program will help you detect poorly-chosen passwords:
3. Turn off unused services. For example, if you don't need to run FTP on the Web server host, get rid of the ftp software. Likewise for tftp, sendmail, gopher, NIS (network information services) clients, NFS (networked file system), finger, systat, and anything else that might be hanging around. Check the file /etc/inetd.conf (Unix) or Service Manager for a list of servers that may be lurking. Deactivate any that you don't use.
4. Remove shells and interpreters that you don't absolutely need. For example, if you don't run any Perl-based CGI scripts, remove the Perl interpreter.
5. Check both the system and Web logs regularly for suspicious activity.
6. Make sure that permissions are set correctly on system files, to discourage tampering.
Be alert to the possibility that a _local_ user can accidentally make a change to the Web server configuration file or the document tree that opens up a security hole. You should set file permissions in the document and server root directories such that only trusted local users can make changes. Many sites create a "www" group to which trusted Web authors are added. The document root is made writable only by members of this group. To increase security further, the server root where vital configuration files are kept, is made writable only by the official Web administrator. Many sites create a "www" user for this purpose.
(Continued on next question...)
Other Interview Questions
- How can I avoid computer viruses?
- What makes a strong password?
- What is Spyware?
- How can I avoid Spyware?
- What is a Firewall?
- How can I protect my home computer?
- I'm new to the Internet and have been hearing a lot about viruses. I'm not exactly sure what they are. Can you help?
- I've been hearing a lot about firewalls, but I'm not sure what it is or if I need it. Can you help?
- What is the security threat level today at the Internet Storm Center (ISC).
- What is this (X) IDS signature mean?
- SEM/SIM Security information management questions
- Checking on the interviewee's knowledge of legal issues and information security
- Use the out put from any network security scanner, which ever network security scanner is used by the interviewer
- How well the person can do architecture from scratch ...
- Where do I get patches, or, what is a Service Pack or a Hot Fix?
- What is impersonation?
- What is a SID (Security ID)?
- What are privileges (user rights)?
- What is an ACE (Access Control Entry)?
- What is an ACL (Access Control List)?
- What is SRM (Security Reference Monitor)?
- What is LSA (Local Security Authority)?
- What is SAM (Security Account Manager)?
- What is a secure channel?
- What is an access token?
- Host security
- Are there any NT based viruses, or can NT be susceptible for other viruses?
- How do I get my computer C2-level secure, or, what is c2config?
- Are there any known problems with the screen saver / screen lock program?
- How can I secure my client computers against my users?
- Can my page file hold sensitive data?
- User security
- Administrator account
- Guest account
- Network security
- Is NT susceptible to SYN flood attacks?
- Is it possible to use packet filters on an NT machine?
- What ports must I enable to let NBT (NetBios over TCP/IP) through my firewall
- What is Authenticode?
- What should I think about when using SNMP?
- What servers have TCP ports opened on my NT system? Or: Is netstat broken?
- What are giant packets? Or, is Windows NT susceptible to the PING attack?
- What is a NULL session?
- Web server security
- FTP server security
- What is Rollback.exe ?
- What is Shutdown.exe
- What is AFTP, NVAlert and NVRunCmd
- There are several security issues related to ODBC usage ...
- There are a number of things to do to get better security on remote connections ...
- By default, all auditing in Windows NT is turned off. You have to manually turn on auditing on whatever object you want audited ...
- Can I grant access to someone to view or change the logfiles?
- What is CryptoAPI
- Where is the password that I configure a service to start with stored?
- How do we “lock down” a new system?
- Securing New Systems questions
- Password Management questions
- Anti-Virus questions
- Software Maintenance questions
- Backups questions
- Physical Security questions
- Network Security questions
- Wireless Security questions
- Data Security questions
- Intrusion Detection and Recovery questions
- Disaster Recovery Planning questions
- Current Awareness of Security Issues questions
- Security interview questions for network admin questions
- What's to worry about Web Security ?
- Exactly what security risks are we talking about?
- Are some operating systems more secure to use as platforms for Web servers than others?
- Are some Web server software programs more secure than others?
- Are CGI scripts insecure?
- Are server-side includes insecure?
- What general security precautions should I take?
- How do I secure Windows 2000 and IIS 5.0?
- What is the URLScan Security Tool?
- What is the IIS Lockdown Tool?
- What is the HFNetChk Security Tool?
- What is the Microsoft Baseline Security Analyzer?
- What do you see as the most critical and current threats effecting Internet accessible websites?
- What online resources do you use to keep abreast of web security issues? Can you give an example of a recent web security vulnerability or threat?
- What do you see as challenges to successfully deploying/monitoring web intrusion detection?
- What is your definition of the term "Cross-Site Scripting"? What is the potential impact to servers and clients?
- What are the most important steps you would recommend for securing a new web server? Web application?
- Imagine that we are running an Apache reverse proxy server and one of the servers we are proxy for is a Windows IIS server. What does the log entry suggest has happened?
- You are engaged in a penetration-test where you are attempting to gain access to a protected location. You are presented with this login screen:
- What application generated the log file entry below? What type of attack is this?
- What does this log entry indicate? How could you identify what the contents are of the "hacked.htm" file that the attacker is trying to upload?
- The file is called "logon_validate" and a typical logon request looks like this ?