"Recently I moderated a group of security experts who manage
major Open Source Web sites. They not only deal with the networking
side of their sites, but they also confront the security problems
that arise. ... As the moderators introduced themselves, I
asked a simple question that I knew many of the audience members
wanted answered: "What do you consider as the most important points
for people trying to secure their web site?"
"Lynch's immediate response was, "Paying attention to detail."
Lynch said there are several things he does. He has a mental
checklist for a lockdown, usually done on an OS install. For
example, shutting down unneeded services, having SSHd run at
startup, and having a good snap/checksum of the machines. He admits
it was something in the buildup of the OSDN (Open Source
Development Network) that wasn't always followed, due to some
pushing to get things done fast, but the OSDN admins are generally
in the process of a full audit right now, so attention to details is
definitely important, but a procedure is also important."
"Altas' answer was sort of a continuation to Lynch's response,
except he focused on the 'access control' side. He said, "to secure
a site you need to also know what the developer will be running and
what access they require. If someone needs, for example, FTP, it
should be locked down to just the system that is required to
connect. Be aware that there is always a new exploit out there.
Don't think you're safe just because your last audit of your system
looked good. Be always on alert for changes."