Cover V12, I09 (September 2003)

syslog

Computer security is everybody's concern now. No matter what your job title, you cannot assume that security is someone else's problem. In Jon Lasser's last column for SecurityFocus.com (http://www.securityfocus.com/columnists/159), Lasser laments the current state of computer security and writes: "...backups aren't sexy. Basic system hardening isn't sexy, either. Too many shops ignore both.... People will always pay more attention to new and exciting toys than to basic, well-understood practices. And they'll pay more attention to fixing problems in released systems than to designing and testing those systems before release. No matter how many columns I write suggesting that we do things right the first time, it's unlikely that the message will get through."

I'm a little more optimistic; generally, I think systems administrators do get that message because they see the big picture. They see how systems must be made to work together, how users must be coaxed (or coerced) into accepting system and policy changes, and how those policies must be strictly yet fairly enforced. Sys admins understand that what goes around comes around and that if they neglect sound administration practices in favor of more interesting projects, they'll be the ones to fix the problems that arise.

Several articles in this issue touch on the value of doing things right when deploying security software. Honeypots, for example, have gotten a lot of attention lately. They sound like fun tools and can provide extremely useful information, but they can also be a liability if not used correctly. Kristy Westphal's article examines several aspects of honeypots, including what they are, what legal issues to consider, how to deploy them appropriately, and how to maintain them. She stresses the need to examine the overall goals of any honeypot implementation, and the ramifications of such a project, before getting started. In another article, Eric Cole and Sandra Ring explain how kernel-level rootkit attacks work and how you can detect and protect against them. Keith McDuffee describes grsecurity, an open source tool that works primarily as a set of patches applied to the 2.4 Linux kernel. Rather than relying on separate tools to detect breaches or vulnerabilities after the fact, grsecurity enforces restrictions on processes from within the patched kernel itself.

Like backups and basic system hardening, these articles are not sexy, but they provide important information for maintaining secure systems and tips for doing it right the first time. I hope you find them useful.

Sincerely yours,

Amber Ankerholz
Editor in Chief