Words to the Wise
We believe good security is good system administration and vice versa. Most of this chapter is just common-sense advice. It is probably sufficient for most circumstances, but certainly not for all.
Make sure that you know if there is an existing security policy that applies to your network or system. Find out if your security situation is governed by regulations or laws. If there are policies, regulations, or laws governing your situation, make sure to obey them. Never do anything to undermine the security system established for your site.
No system is completely secure. No matter what you do, you will have problems. Realize this and prepare for it. Prepare a disaster recovery plan and do everything necessary, so that when the worst does happen, you can recover from it with the minimum possible disruption.
A large list of security publications can be found at http://csrc.nist.gov/secpubs. If you want to read more about security we recommend the following resources:
RFC 1244, Site Security Handbook, P. Holbrook, J. Reynold, et al., July 1991.
RFC 1281, Guidelines for the Secure Operation of the Internet, R. Pethia, S. Crocker, and B. Fraser, November 1991.
Windows NT Server 4 Security Handbook, Lee Hadfield, Dave Hatter, and Dave Bixler, Que, 1997.
Building Internet Firewalls, Brent Chapman and Elizabeth Zwicky, O’Reilly & Associates, 1995.
Firewalls and Internet Security, William Cheswick and Steven Bellovin, Addison-Wesley, 1994.
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access