• Passwords
  • Have a strong password policy
  • Enforce the use of strong passwords
  • Use shadow password files
  • Use passwd+ to enforce strong passwords
  • Audit access to key files

    ---

  • Use one-time passwords
  • Use Biometric authentication
• Review the Log files.
  • /var/run/utmp - tracks who is logged into the system (viewed via who, finger)
  • /var/log/wtmp - tracks who has logged in and out of the system (viewed via last)
  • /var/log/btmp - tracks failed logon attempts (viewed via lastb)
  • /var/log/messages - keeps messages from the syslog facility
  • /var/log/secure - tracks access and authentication information
• Protect the log files
  • set proper permissions on log files
  • store log files on separate server
  • make regular backups of log files
  • use write once media
  • encrypt log files
• Examine the files for unauthorized activity. Tripwire
• Periodically check for Rootkits (Carbonite)
• Listen for attempts to scan ports (Attacker)
• Scan for Cracking Tools - Rkdet - rootkit detector for Linux
• Keep an Inventory of Active Accounts
• Limit Who Has root Access
• Secure "Telnet and FTP"
• Turning off Telnet and FTP
• NeoTrace
• Port Detective
• Sniffer
• NetSniff

Please mail any comments about this page to summers_wayne@ColumbusState.edu