Now the next part of the paper is top secret. Please only pass to trusted administrators and friends and even some trusted mailing lists, Usenet groups, etc. (Make sure no one who is NOT in the inner circle of security gets this.)
This is broken down into How to Become an UeberAdmin (otherwise known as a security expert) and How to stop Uebercrackers.
Step 1. Read Unix manual (a good idea for admins).
Step 2. Very Important. Install sendmail 8.6.4. You have probably stopped 60 percent of all Uebercrackers now. Rdist scripts are among the favorites for getting root by uebercrackers.
Step 3. Okay, maybe you want to actually secure your machine from the elite Uebercrackers who can break into any site on Internet.
Step 4. Set up your firewall to block rpc/nfs/ip-forwarding/src routing packets. (This only applies to advanced admins who have control of the router, but this will stop 90% of all uebercrackers from attempting your site.)
Step 5. Apply all CERT and vendor patches to all of your machines. You have just now killed 95% of all uebercrackers.
Step 6. Run a good password cracker to find open accounts and close them. Run tripwire after making sure your binaries are untouched. Run tcp_wrapper to find if a uebercracker is knocking on your machines. Run ISS to make sure that all your machines are reasonably secure as far as remote configuration (i.e. your NFS exports and anon FTP site).
Step 7. If you have done all of the above, you will have stopped 99% of all uebercrackers. Congrats! (Remember, You are the admin.)
Step 8. Now there is one percent of uebercrackers that have gained knowledge from reading some security expert's mail (probably gained access to his mail via NFS exports or the guest account. You know how it is, like the mechanic that always has a broken car, or the plumber that has the broken sink, the security expert usually has an open machine.)
Step 9. Here is the hard part: try to convince these security experts that they are not so above the average citizen and that giving out their unknown (except for the uebercrackers) security bugs now would be a service to the Internet. They do not have to post it on Usenet, but share among many other trusted people and hopefully fixes will come about and new pressure will be applied to vendors to come out with patches.
Step 10. If you have gained the confidence of enough security experts, you will now be looked up to as an elite security administrator that is able to stop most uebercrackers. The final true test for being an ueberadmin is to compile an IRC client, go onto #hack and log all the bragging and help catch the uebercrackers. If a uebercracker does get into your system, and he has used a new method you have never seen, you can probably tell your other security admins and get half of the replies like - "That bug has been known for years, there just aren't any patches for it yet. Here's my fix." and the other half of the replies will be like - "Wow. That is very impressive. You have just moved up a big notch in my security circle."
VERY IMPORTANT HERE: If you see anyone in Usenet's security newsgroups mention anything about that security hole, flame him for discussing it since it could bring down Internet and all Uebercrackers will now have it and the million other reasons to keep everything secret about security.