Stuart McClure's Daily Security Tips for the Week of November 11th
Web Security Tip for Friday, November 15th, 2002
Ensure limited privileges The web services and databases services typically run as a user or administrator of the system. As such, you must limit the user privileges these services have. For example, while Microsoft's SQL Server comes installed with the "sa" user, you should never use it for normal day-to-day database access within your application. Instead, you should create a new user with some (but not all) privileges; just enough to get the job done. For more information on SQL Server user privileges, check out www.sqlsecurity.com.
Web Security Tip for Thursday, November 14th, 2002
Strong authentication Brute force attacks take advantage of weak passwords. And while the password will be with us for decades to come in terms of authentication mechanisms, it is a good idea to audit these passwords regularly with a tool like John the Ripper (http://www.openwall.com/john/). If possible, you should move to a stronger form of authentication such as SecureID tokens from RSA (www.rsa.com).
Web Security Tip for Wednesday, November 13th, 2002
Enable auditing Every major operating system and application has the ability to log requests. As such, you should enable as much logging as possible before bringing a system into production. This includes system audit logs such as those on Windows, web server logs, and database transaction logs.
Web Security Tip for Tuesday, November 12th, 2002
Remove unnecessary access By default, most systems are set up with a multitude of unnecessary users and groups. Be sure to understand the needs of your applications and only allow access to users who indeed need it.
Web Security Tip for Monday, November 11th, 2002
Remove unnecessary network services This should be the mantra of all system administrators around the world. A default installed server with default installed operating systems and applications typically has so many services running that a hacker could drive a truck through them. So remove those services in any manner possible: stop services, edit /etc/inetd.conf files, stop running systray icons, etc. If you want to know all the programs that are listening on certain ports, you can check out Vision by Foundstone (http://www.foundstone.com/ knowledge/forensics.html).