Manualshelf

Specifications

ManualsBrandsCabletron Systems ManualsNetwork CardE2100
211212213214215216217218219220
very good way to protect your systems against problems of all kinds is to get
and install the updated packages recommended by security announcements
as quickly as possible. SuSE security announcements are published on a
mailing list to which you can subscribe by following the link http://www.
suse.de/security. The list suse-security-announce@suse.de is a
first-hand source of information regarding updated packages and includes
members of SuSE’s security team among its active contributors.
The mailing list suse-security@suse.de is a good place to discuss any
security issues of interest. Subscribe to it under the URL as given above for
suse-security-announce@suse.de.
bugtraq@securityfocus.com is one of the best-known security mail-
ing lists worldwide. We recommend that you read this list, which receives
between 15 and 20 postings per day. More information can be found at
http://www.securityfocus.com.
The following is a list of rules which you may find useful in dealing with
basic security concerns:
According to the rule of using the most restricive set of permissions
possible for every job, avoid doing your regular jobs as root. This re-
duces the risk of getting a cuckoo egg or a virus and protects you from
your own mistakes.
If possible, always try to use encrypted connections to work on a re-
mote machine. Use “ssh” (secure shell) to replace telnet, ftp, rsh
and rlogin.
Avoid using authentication methods based on IP addresses alone.
Try to keep the most important network-related packages up-to-date
and subscribe to the corresponding mailing lists to receive announce-
ments on new versions of such programs (bind, sendmail, ssh, etc.).
The same should apply to software relevant to local security.
Change the /etc/permissions file to optimize the permissions of
files crucial to your system’s security. If you remove the setuid bit from
a program, it might well be that it cannot do its job anymore in the
way it is supposed to. On the other hand, consider that, in most cases,
the program will also have ceased to be a potential security risk. You
might take a similar approach with world-writable directories and files.
Disable any network services you do not absolutely require for your
server to work properly. This will make your system safer, plus it pre-
vents your users from getting used to a service that you had never
206 Security and Confidentiality