“In my last article, “Why do I have to harden?”, I discussed how
security exploits develop and why you must do more than just patch.
Here, I explain what that “do more” bit means. “Hardening” a
system is the practice of making that system much harder to crack.
I like to think that this involves steps not only to prevent
break-ins, but also to detect them when they happen….”

“A standard firewall simply blocks TCP/UDP/ICMP packets
according to rules you specify. Usually, you use these to restrict
incoming traffic to certain programs/services. For example, you
should block incoming NFS/Samba requests from the Internet, as
these file-sharing protocols are only designed for local area
network use. In addition, you might block off the Windows
file-sharing ports, TCP/UDP 137-139, to block the increasingly
popular macro-virus Trojaning method. Kurt Seifried’s Linux
Administrator’s Security Guide has excellent information on
firewalling particular applications….”

“Patching is massively important! A machine running a year-old
Operating System version is usually rather vulnerable. Patching
doesn’t take much time and is, hands down, one of the most
effective steps you can take towards thwarting crackers. It’s
really important to keep up with this, by the way – as I showed in
my last article, your window of vulnerability is pretty long, even
without procrastinating on patches.”
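
As an added illustration of the firewall excerpt above (not code from the article), the following check walks the INPUT chain of an `iptables-save` dump and reports which file-sharing ports a new packet from the Internet side would still reach. The sample ruleset, the interface name `eth0`, and the NFS ports 111 and 2049 are assumptions; the dump is assumed to contain only the filter table, and rules using match options other than interface, protocol and destination port are skipped.

```python
import shlex

# Constructed iptables-save sample (not from the article); eth0 = Internet side.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 137:139 -j DROP
-A INPUT -i eth0 -p udp -m udp --dport 137:139 -j DROP
-A INPUT -i eth0 -p tcp -m multiport --dports 111,2049 -j DROP
COMMIT
"""

# NetBIOS 137-139 from the excerpt; 111/2049 (portmapper, nfsd) assumed for NFS.
WATCHED = [(p, n) for p in ("tcp", "udp") for n in (111, 137, 138, 139, 2049)]
KNOWN = {"-i", "-p", "-m", "-j", "--dport", "--dports"}

def port_match(spec, port):
    """True if port is in a --dport/--dports spec like '137:139' or '111,2049'."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        hi = hi if sep else lo
        if int(lo or 0) <= port <= int(hi or 65535):
            return True
    return False

def verdict(ruleset, iface, proto, port):
    """First-match walk of INPUT for a new packet arriving on iface."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok[:1] == [":INPUT"]:
            policy = tok[1]
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))  # flag/value pairs
        if opts.keys() - KNOWN:
            continue  # simplification: rules with other matches are skipped
        if opts.get("-i", iface) != iface or opts.get("-p", proto) != proto:
            continue
        spec = opts.get("--dport") or opts.get("--dports")
        if spec and not port_match(spec, port):
            continue
        if opts.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opts["-j"]
    return policy

def exposed(ruleset, iface="eth0"):
    return [(p, n) for p, n in WATCHED if verdict(ruleset, iface, p, n) == "ACCEPT"]
```

On the sample, `exposed(SAMPLE)` flags UDP 111 and 2049: the multiport rule covers only TCP and the chain policy is ACCEPT, which is the kind of gap a default-DROP policy closes.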