Policies & Procedures for Information Security

Post by jquizon » Thu, 06 Mar 2003 05:53:53



Does anyone have a list of what a policies/procedures manual should
contain for information (data) security on a Unix system?
 
 
 

Post by all mail refus » Thu, 06 Mar 2003 07:59:22



>Does anyone have a list of what a policies/procedures manual should
>contain for information (data) security on a Unix system?

It will depend on the workplace culture as well as the Unix system.

Start by outlining who is responsible for what.  Identify various good
and bad practices in their general forms (e.g. password quality).

Avoid impossible requirements that only guarantee audit failure.

Lean toward automatic compliance rather than continual pursuit and
correction: with no rlogind/remshd you won't care how many stupid
+ signs the users put in their ~/.rhosts.

--
decoy mail addresses: obtain username via 0x4f/tcp or 0x50/tcp
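
The point in the post above, as an added example that is not part of the original thread: a check that treats disabled r-services as the control and reports `+` wildcards in `.rhosts` only when `shell` (remshd/rshd) or `login` (rlogind) is still active in an inetd.conf-style file. The function names, file names and sample contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Function names, file names and sample contents are constructed.

# Print the r-services (shell = remsh/rsh, login = rlogin) that are active,
# i.e. not commented out, in an inetd.conf-style file.
r_services_enabled() {
    awk '$1 ~ /^(shell|login)$/ { print $1 }' "$1" | sort -u | tr '\n' ' '
}

# Count .rhosts lines whose host or user field is the "+" wildcard.
rhosts_wildcards() {
    awk '$1 == "+" || $2 == "+" { n++ } END { print n + 0 }' "$1"
}

# audit INETD_CONF RHOSTS_FILE...
# Returns 0 when no r-service is enabled (wildcards then have no effect via
# rlogin/remsh); otherwise returns 1 if any listed file has a wildcard line.
audit() {
    local inetd=$1 enabled f n rc=0
    shift
    enabled=$(r_services_enabled "$inetd")
    if [ -z "$enabled" ]; then
        echo "PASS: no r-services enabled in $inetd; .rhosts wildcards are moot"
        return 0
    fi
    for f in "$@"; do
        n=$(rhosts_wildcards "$f")
        if [ "$n" -gt 0 ]; then
            echo "FAIL: $f has $n wildcard line(s); enabled: $enabled"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample data: two inetd.conf variants and one user's .rhosts.
write_samples() {
    printf '%s\n' \
        'ftp    stream tcp nowait root /usr/sbin/ftpd    ftpd' \
        'shell  stream tcp nowait root /usr/sbin/remshd  remshd' \
        '#login stream tcp nowait root /usr/sbin/rlogind rlogind' > "$1/inetd.enabled"
    sed 's/^shell/#shell/' "$1/inetd.enabled" > "$1/inetd.disabled"
    printf '%s\n' '+ +' 'trusted.example.com alice' '+ bob' > "$1/rhosts"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit "$demo_dir/inetd.enabled" "$demo_dir/rhosts" || true
audit "$demo_dir/inetd.disabled" "$demo_dir/rhosts"
rm -rf "$demo_dir"
```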

 
 
 

Post by Bas » Fri, 07 Mar 2003 05:01:35



>Does anyone have a list of what a policies/procedures manual should
>contain for information (data) security on a Unix system?

I found RFC 2196 to be very useful.
See
http://www.ietf.org/rfc/rfc2196.txt?number=2196
 
 
 

Post by Casper Alev » Fri, 07 Mar 2003 08:40:41



> Does anyone have a list of what a policies/procedures manual should
> contain for information (data) security on a Unix system?

You might want to have a look at an excellent book on UNIX security and the
procedures and policies around it, O'Reilly's Practical Unix & Internet
Security. If you do stuff with UNIX and do stuff with security this book is
a must read, in my trying-to-be humble opinion.
Info at http://www.oreilly.com/catalog/puis3/ or, if you choose to be
convinced already and make no further judgement, order it directly at
http://www.amazon.com/exec/obidos/ASIN/1565921488/dnssesecurthe-20

Good luck.

Regards,

Casper
--
http://www.dsinet.org/ - Dutch Security Information Network
"Don't quote, I want to know what you have to say." -Anonymous

 
 
 

Post by Casper Alev » Fri, 07 Mar 2003 09:22:43



> Does anyone have a list of what a policies/procedures manual should
> contain for information (data) security on a Unix system?

[original reply canceled, gave you url to wrong edition]

You might want to have a look at an excellent book on UNIX security and the
procedures and policies around it, O'Reilly's Practical Unix & Internet
Security. If you do stuff with UNIX and do stuff with security this book is
a must read, in my trying-to-be humble opinion.
Info at http://www.oreilly.com/catalog/puis3/ or, if you choose to be
convinced already and make no further judgement, order it directly at
http://www.amazon.com/exec/obidos/ASIN/0596003234/qid=1046909987/sr=2...

Good luck.

Regards,

Casper
--
"Don't quote, I want to know what you have to say." -Anonymous

 
 
 
