Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!bu-cs!encore!pinocchio!peo From: peo@pinocchio.Encore.COM (Paul Orman) Newsgroups: news.sysadmin Subject: Re: Security checkup Summary: NCSC a good place to start. Keywords: security intruder self-help Message-ID: <3798@encore.UUCP> Date: 4 Oct 88 00:36:30 GMT References: <167@carpet.WLK.COM> Sender: news@encore.UUCP Reply-To: peo@multimax.UUCP (Paul Orman) Distribution: na Organization: Encore Computer Corp, Marlboro, MA Lines: 30 bill@carpet.WLK.COM (Bill Kennedy) writes: > I would like to know if one or more of the more seasoned System > Administrators could post some preventative measures that those of > us with less experience could use. I'm aware that there's little > to protect you from an expert renegade, but I mean the sorts of > things to keep out a journeyman prowler. I certainly am not one of the "more seasoned System Administrators" but I do know a good place to start with system security is the: National Computer Security Center 9800 Savage Rd. Fort Meade, MD 20755-6000 301-688-8742 Call and ask for the "RAINBOW" package. This is slightly overkill since the NCSC normally sends this package out to hardware and software vendors wishing to have their products security "rated" by US Gov. standards and tons of the material deal with the security ratings, however it does have much information that can be applied directly to a UN*X based system. Other interesting reading on security issues would be "UNIX REVIEW" volume 6 number 2. Of special interest is the article "A loss of Innocence" by Patrick Wood. The information supplied in these sources should be more than enough to put together as secure a system as one desired (within present day limitations - of course). ............................................................................... Paul Orman - encore!peo | I don't know enough to speak for Sys Admin peo@multimax.ARPA | myself, let alone my employer. ENCORE Computer Corporation |