Security
|
⇤ ← Revision 1 as of 2008-09-19 18:21:40
Size: 242
Comment: created stub to import from community docs
|
Size: 2389
Comment: Wiki page moved from help to wiki -- Dr Small
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| This is a placeholder for the Ubuntu Forums Beginners Team which is in the process of moving their wiki structure from the community docs. | ||<tablestyle="float:right; font-size: 0.9em; width:30%; background:#F1F1ED; background-repeat: no-repeat; background-position: 98% 0.5ex; margin: 0 0 1em 1em; padding: 0.5em;"><<TableOfContents>>|| |
| Line 3: | Line 3: |
| https://help.ubuntu.com/community/Beginners/Team/FocusGroups/Security ---- |
== Purpose == While it is often remarked that Ubuntu comes secure out of the box, many users often express concern over further hardening their systems. Beyond fortifying their OS, there is often concern(s) over an attempt or successful breach of user security. The goal of the Security Focus Group is to assist these users, both new and old, in the attempt at developing and assisting with solutions to security related matters. == Agenda == While the agenda could be implied from the purpose, the Security Focus Group should be willing and ready to assist a user in any way possible with working toward a solution for their security related problems. It is important that members of the security focus team be familiar with, or at least be willing to learn various security programs and procedures. These include, but are not limited to: IPTables, a working knowledge of the TCP/IP stack and basic server security. Basic server security should encapsulate at a bare minimum, setting up and maintaining a '''secure''' SSH server, '''secure''' Apache2 and Tomcat, in particular the proper logging and interpretation of access logs, setup practices and SFTP. Focus group members interested in a more advanced approach to security problems and resolutions should work on becoming well versed on the matters of SQL administration, common database exploitation methods, web vulnerability assessment, probing for vulnerable URL extensions and parameter tampering, and NMap flags and their various purposes. Continuing the advanced route, it is recommended that Security Focus Group members understand basic encryption, not necessarily the math but rather how to properly implement it. Familiarity with testing firewall rules and ACLs, Nessus, Metasploit, open source testing methodologies, HPing3, Nemesis and much more are also invaluable skills. Regardless of the individual's approach, the ability to prevent unauthorized access and probe for signs of unauthorized system entry are essential. == Relative Links == === Firewall Related === *[[https://help.ubuntu.com/community/Uncomplicated_Firewall_ufw|UFW - Uncomplicated Firewall]] |
Contents |
Purpose
While it is often remarked that Ubuntu comes secure out of the box, many users often express concern over further hardening their systems. Beyond fortifying their OS, there is often concern(s) over an attempt or successful breach of user security. The goal of the Security Focus Group is to assist these users, both new and old, in the attempt at developing and assisting with solutions to security related matters.
Agenda
While the agenda could be implied from the purpose, the Security Focus Group should be willing and ready to assist a user in any way possible with working toward a solution for their security related problems. It is important that members of the security focus team be familiar with, or at least be willing to learn various security programs and procedures. These include, but are not limited to: IPTables, a working knowledge of the TCP/IP stack and basic server security. Basic server security should encapsulate at a bare minimum, setting up and maintaining a secure SSH server, secure Apache2 and Tomcat, in particular the proper logging and interpretation of access logs, setup practices and SFTP. Focus group members interested in a more advanced approach to security problems and resolutions should work on becoming well versed on the matters of SQL administration, common database exploitation methods, web vulnerability assessment, probing for vulnerable URL extensions and parameter tampering, and NMap flags and their various purposes. Continuing the advanced route, it is recommended that Security Focus Group members understand basic encryption, not necessarily the math but rather how to properly implement it. Familiarity with testing firewall rules and ACLs, Nessus, Metasploit, open source testing methodologies, HPing3, Nemesis and much more are also invaluable skills.
Regardless of the individual's approach, the ability to prevent unauthorized access and probe for signs of unauthorized system entry are essential.
Relative Links
Firewall Related
BeginnersTeam/FocusGroups/Security (last edited 2010-10-27 03:12:14 by 71)