Information for System Administrators

It is important to think first about what exactly you are trying to protect and how you can make processes better (not worse, and not necessarily perfect). Secondly, think of the technology that is going to help you accomplish that. Employ the tools that are needed and necessary, rather than overloading your system with tools you think you might need.


  1. Define user rights to tasks
  2. Security practices defined by Cert.org
  3. Block unused USB ports
  4. Eight tips for wireless security
  5. Try password cracking software
  6. Request for Comments (RFCs)
  7. Secure critical areas
  8. Lock inactive computers
  9. Keep administrative rights to the minimum

Define user rights to tasks
Ensure that your users have the appropriate rights to carry out their tasks. This way there is more control over who does what. You can assign specific rights either to group accounts or to individual user accounts. Those rights vary from logging on to a system to backing up files. It is wise to apply rights to groups to simplify administration: when a user is added to a group, he/she automatically inherits the rights associated with that group.

Security practices defined by Cert.org
System administration practices play a key role in network security. Checklists and general advice on good security practices are readily available. Below are examples of commonly recommended practices:

Ensure all accounts have a password and that the passwords are difficult to guess.
A one-time password system is preferable.

Use tools such as MD5 checksums, a strong cryptographic technique, to ensure the integrity of system software on a regular basis.

Use secure programming techniques when writing software. These can be found at security-related sites on the World Wide Web.

Be vigilant in network use and configuration, making changes as vulnerabilities become known.

Regularly check with vendors for the latest available fixes and keep systems current with upgrades and patches.

Regularly check on-line security archives, such as those maintained by incident response teams, for security alerts and technical advice.

Audit systems and networks, and regularly check logs. Many sites that suffer computer security incidents report that insufficient audit data is collected, so detecting and tracing an intrusion is difficult.
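One way to carry out the checksum practice above, as an added example that is not part of the original page: a small Python script that records a baseline of file digests and later reports which files changed, appeared or disappeared. SHA-256 is used here instead of the MD5 the text mentions, since it is the stronger choice; the directory tree and file contents in demo() are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path, algorithm="sha256", chunk_size=65536):
    """Hex digest of one file, read in chunks so large binaries fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, algorithm="sha256"):
    """Map every regular file under `root` (relative POSIX path) to its digest."""
    root = Path(root)
    files = sorted(p for p in root.rglob("*") if p.is_file())
    return {p.relative_to(root).as_posix(): file_digest(p, algorithm) for p in files}


def verify(root, baseline, algorithm="sha256"):
    """Compare the tree under `root` with a stored baseline; returns sorted
    lists of modified, added and removed relative paths."""
    current = build_baseline(root, algorithm)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed demonstration: baseline a small tree, tamper with it, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls binary")
        (root / "bin" / "ps").write_bytes(b"original ps binary")
        (root / "sshd.conf").write_bytes(b"PermitRootLogin no\n")
        baseline = build_baseline(root)  # in practice, store this copy offline
        # Simulated tampering: one binary replaced, one unexpected file, one deleted.
        (root / "bin" / "ls").write_bytes(b"replaced ls binary")
        (root / "bin" / "unknown-tool").write_bytes(b"unexpected file")
        (root / "sshd.conf").unlink()
        return verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```

Keep the baseline on read-only or offline media; a baseline stored on the same host can be edited by whoever altered the files.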


Block unused USB ports
USB ports can allow devices to autorun programs as soon as they are mounted
on the computer. They could contain malware that could infect your system.
To prevent this from happening it is wise to have a policy around USB usage or disable unused USB ports.

See also the Conficker summary and review.


Eight tips for wireless security

  1. Change default passwords
    With your superuser account you can change the default administrator and user passwords. It is important that you do this as soon as you install the wireless network. The default passwords of many popular wireless equipment vendors are well known to hackers. Keep changing your passwords every so often to maintain network security.
  2. Wireless encryption (WEP)
    WEP should be turned on, and make sure that you have the latest patch or system upgrade for your wireless router. It does not keep hackers away, but at least it makes it a little more difficult to break into your network.
  3. Do not mix vendors
    It is wise to stick to one vendor for your hardware and software products rather than mixing products from various vendors that do not work in harmony, which means extra work to follow updates and fixes.
  4. Build an intrusion detection system
    Be prepared to monitor your network traffic so that you can detect suspicious movements. With the right settings you can use it to prevent intrusions from taking place.
  5. Educate your users
    A great number of security incidents happen through carelessness and ignorance on the part of the user. Make sure you educate your users and have a security policy in place to minimise risks.
  6. Divide wireless and wired networks
    Divide your wireless and wired networks into separate segments and implement a firewall in between, so that anyone who has gained unauthorised access to your wired network cannot get into your wireless network as well.
  7. Arrange your access points
    Arrange your access points to cover only the area that you want them to cover. A wireless signal that exceeds the desired area can be exploited by crackers to access your network from the outside. Some access points reduce their signal strength beyond set boundaries to minimise the risk involved.
  8. Turn off DHCP
    It is easier for attackers to obtain an IP address from your DHCP server when it is enabled. By turning it off, you can set a fixed IP address range and configure each device to use an address from it. You can also use a private IP address range for more security.


Try password cracking software
It may seem ironic, but password cracking programs can help administrators check the weakness of passwords within a network by breaking into a computer. There are a number of such tools, some of them free; Passware, for instance, is a paid one. These should be handled with care.

Request for Comments
Requests For Comments (RFCs) are a series of documents encompassing new research and innovations in internet technologies. The Internet Engineering Task Force (IETF) adopts some of those documents as proposals to become internet standards.

Here you can find some of those RFCs that are related to CSIRTs.

  1. RFC 3227 Guidelines for Evidence Collection and Archiving
  2. RFC 2142 Mailbox Names for Common Services, Roles and Functions
  3. RFC 2350 Expectations for Computer Security Incident Response
  4. RFC 2196 Site Security Handbook
  5. RFC 3013 Recommended Internet Service Provider Security Services and Procedures
  6. RFC 4949 Internet Security Glossary

Secure critical areas
Data security is almost useless if someone can easily walk away with the device on which the data resides and then have all the time in the world to try to access it. It is wise to have locked server rooms, to lock desktops and laptops to the desk, and in general to secure physical IT assets, possibly with an access control system.

Lock inactive computers
When users walk away from their computers they are vulnerable as anyone can walk up and access all the information on that user's computer. There should be a policy that computers should be set to lock themselves after the shortest period of inactivity or users should lock their computers themselves whenever they leave their desk.

Keep administrative rights to the minimum
Many companies grant administrative rights to their users so they are free to install applications themselves. User-installed software can create security problems as well as copyright issues. Administrators should not rely on any user to do any IT work.
