Daily Security Tips from Ed Skoudis - Week of September 9, 2002
Security Tip for Friday, September 13th, 2002
Your internal and external DNS servers are critically important to your organization's security. Make sure your DNS infrastructure is carefully hardened with the latest security patches and a highly secure configuration. Protect the configuration of the DNS files on these systems using a file system integrity checking tool, such as Tripwire (commercially available www.tripwire.com or for free at www.tripwire.org) or AIDE (located at www.cs.tut.fi/~rammer/aide.html).
Security Tip for Thursday, September 12th, 2002
Because you may need law enforcement support when handling computer security incidents, attend HTCIA (High-Technology Crime Investigation Association) and Infragard meetings in your area. These organizations serve as an excellent way for commercial companies to exchange information with law enforcement regarding computer attacks. You can learn more about HTCIA at www.htcia.org, and Infragard at www.infragard.net.
Security Tip for Wednesday, September 11th, 2002
Make sure your computer incident handling team includes cross-discipline capabilities. Many companies assign only computer security personnel to the incident handling team. To properly respond to computer incidents, your team must include legal, Human Resources, physical security, and public relations, as well as computer security personnel. While it is unlikely that you'll get full-time legal or HR support in most organizations, you should have an identified contact from those groups with an explicit, assigned responsibility to support the incident response team.
Security Tip for Tuesday, September 10th, 2002
To find backdoors planted by attackers on your systems, conduct periodic port scans of your critical systems. On a monthly or even weekly basis, use the free, open source Nmap port scanner (available at www.insecure.org) to find listening ports. Reconcile the open ports you find with those ports that are expected to be open on the system. For a list of service assignments to various ports, consult the list maintained at www.iana.org/assignments/port-numbers.
Security Tip for Monday, September 9th, 2002
To find unsecured wireless LANs in your environment, conduct periodic war walking of your organization's buildings. Get a laptop or a hand-held computer with a wireless card and antenna. To discover wireless LANs, use the free NetStumbler tool for Windows, or MiniStumbler for PocketPC, both available at www.netstumbler.com. If you find a wireless LAN connected to your network that doesn't meet your wireless security standards, remove or reconfigure it immediately.