
I heartily and wholeheartedly agree.

A friend of mine runs a small ISP and was recently hacked through the recently announced BIND hole and has been trying desperately to clean things up. This has impacted all of his client web sites and caused no end of grief.

It started simply enough; DNS had been shut down. He restarted it, did a bit of research, and concluded that it had been a "white hack," a warning to beef up his security. Within a few days, though, he discovered that the same flaw had been used to compromise the rest of the system and that further mayhem was ensuing.

The relevant bit is that even though I had dutifully forwarded the link as soon as I learned about it (here, actually), he failed to follow through and implement the patches quickly enough. He got side-tracked by other issues and is now paying the price for that.

Security needs more than knowledge, it needs action... regardless of your level of powers on the machine(s) in question.

To begin, start learning how people get into your systems. I heartily recommend Hacking Exposed: Network Security Secrets & Solutions (Second Edition) by Joel Scambray, et al. (Osborne/McGraw-Hill, 10/2000). While it will make the most sense to administrators, it's written in a way that should be accessible to nearly everyone. It not only documents server, OS, and browser vulnerabilities, it describes hacks in varying degrees of detail *and* provides countermeasures.

If you're not into the technical details (though I assume that you are, if you hang out here), you may also find Cliff Stoll's The Cuckoo's Egg an entertaining and (through implication) chilling reason to become interested in the gory details. While the book has received some criticism, the very idea should be enough to make even the most pointy-haired of bosses more than a little nervous.

If you don't have a lot of money, you can still start learning. There are a number of online resources devoted to security, ranging from SecurityFocus to documentation from the other side of the coin. (BTW, if you're using a proxy server that filters content, you may find yourself unable to get to certain sites. Keep digging. Use your personal dialup, if you must. Use care to disable JavaScript and take other basic precautions first.)

Other random measures:

  • Try to hack the systems you own or administer. As Stoll puts it, "rattle the doorknobs." If you can get in, others certainly can and may already have.

    Note: Do this *very* carefully. If it's a business system, get upper management's support before doing this. One of our own has had no end of trouble because of this very thing.

  • If you're not the admin or do not have root, then make friends with the person that has that access. That way, you'll have a certain amount of credibility when you discover areas of concern.

  • Before shopping at an online merchant, take a moment to view the source of the shopping cart. If they put bad data in hidden fields, flee. Don't trust that site with your credit-card number. If they have weak security in one area, they probably have weak security in others.

  • Before posting data to an online form, try to view the directory containing the script. If you can, flee.

  • Make sure you know what's in your cookies. Accept them sparingly and don't give trusted data to sites that don't handle it well.

  • Patch your browsers and your OS regularly, consistently, and diligently.

  • Don't keep anything on a connected computer that you don't want the rest of the world to see.

With regard to security, you have to follow Mulder's advice: "Trust No One" (and don't use TRUSTNO1 as a password).

--f  ...and, yes, I'm an X-Phile.

Update: Added a few more bits of random advice.

In reply to Re: Stay aware of security by footpad
in thread Stay aware of security by tilly
