Linux.com: Cyber Attacks Prove Costly; 4 Security Experts Managing Major Open Source Sites DiscussJan 04, 2001, 18:32 (0 Talkback[s])
(Other stories by Derrick H. Lewis)
"Recently I moderated a group of security experts who manage major Open Source Web sites. They not only deal with the networking side of their sites, but they also confront the security problems that arise. ... As the moderators introduced themselves, I asked a simple question that I knew many of the audience members wanted answered: "What do you consider as the most important points for people trying to secure their web site?"
"Lynch's immediate response was,"Paying attention to detail." Lynch said there are several things he does. He has a mental checklist for a lockdown, usually done on an OS install. For example, shutting down unneeded services, having SSHd run at startup, and having a good snap/checksum of the machines. He admits it was something in the buildup of the OSDN, ( Open Source Development Network ), that wasn't always followed, due to some pushing to get things done fast, but the OSDN Admin's are generally in progress of a full audit right now, so attention to details is definitely important, but a procedure is also important."
"Altas' answer was sort of a continuation to Lynch's response, except he focused on the 'access control' side. He said, "to secure a site you need to also know what the developer will be running and what access they require. If some one needs for example FTP, it should be locked down to just the system that is required to connect. Be aware that there is always a new exploit out there. Don't think you're safe just because your last audit of your system looked good. Be always on alert for changes."