From owner-freebsd-questions  Sun Oct 10 11:51:54 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1])
	by hub.freebsd.org (Postfix) with ESMTP id 20C0915579
	for <questions@freebsd.org>; Sun, 10 Oct 1999 11:51:33 -0700 (PDT)
	(envelope-from mike@sentex.net)
Received: from ospf-mdt.sentex.net (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id OAA13342 for <questions@freebsd.org>; Sun, 10 Oct 1999 14:51:27 -0400 (EDT)
From: mike@sentex.net (Mike Tancsa)
To: questions@freebsd.org
Subject: Re: security
Date: Sun, 10 Oct 1999 18:51:26 GMT
Message-ID: <3800ddd5.315266549@mail.sentex.net>
References: <MAIL19991009163225.19838.qmail@hotmail.com>
In-Reply-To: <MAIL19991009163225.19838.qmail@hotmail.com>
X-Mailer: Forte Agent .99e/32.227
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 9 Oct 1999 12:32:53 -0400, in sentex.lists.freebsd.questions you wrote:

>Hi
>I am looking to learn more about Unix/BSD
>security as far as setting up syslog,umask
>values, file ownership, ftp, creating profiles,
>NFS, Firewall and anything else to secure severs.

The Firewall book at www.ora.com is one place to start, another is
www.securityfocus.com.  This will give you a rough place to start in terms
of the concepts you will need to understand.  Once you have identified the
various concepts, search through the mailinglist archives at
www.dejanews.com (power search through
mailing.freebsd.*,comp.unix.bsd.freebsd.* ) on each of those concepts for
discussions of them in the past as they relate to FreeBSD.  e.g.
packetfiltering -> ipfw, look for discussions around ipfw through the
mailing lists.
One topic that does not seem to be emphasized enough is the human aspect.
You can have the best technical security systems in place, but if there is
no one paying attention to what is happening, you are not too far ahead.
Something simple like, logging.  Yeah, the popper daemon actually log
password errors on pop3 sessions, but if no one examines the logs, what
good is it ?

	---Mike
Mike Tancsa  (mdtancsa@sentex.net)		
Sentex Communications Corp,   		
Waterloo, Ontario, Canada
"Given enough time, 100 monkeys on 100 routers 
could setup a national IP network." (KDW2)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message