[Courses] [Security] Class formats and contents

jennyw jennyw at dangerousideas.com
Tue Mar 5 12:21:55 EST 2002


From: "Rosie Jones" <rosie+ at cs.cmu.edu>
> sound so good to me. And I also like the suggestion "How can I tell if my
> linuxbox has been hacked". With a Follow-up "How do I clean up my hacked
> linuxbox".

Yes! That would be great. The box I have my Web sites on got hacked (it's
BSD) and I didn't discover it immediately. I *think* I cleaned out
everything, but it's hard to tell whether they left any surprises. I found
out because I saw a file that I didn't recognize, and then used last to see
when they had been in. Using last probably isn't the best way to detect
whether someone's been in your system, though!

I'd love to learn more about stuff like tripwire (never used it) or anything
that scans for changes to the list of running processes.

It'd also be great to have a general overview of the types of
security things that exist, so we have an idea of what's out there. I mean,
just a description of what a firewall is, what an IDS is, what a honeypot
is, what a whatever kind of thing tripwire is is, etc. Not a treatise, but
just like a sentence that says that so and so exists. We don't have to
actually talk about these things, but it's good to know what words to look
for in case we have an issue in the future.

It would also be good to know the weaknesses of products. A lot of people
say ipchains is a weak firewall and that iptables is better. I don't know
anything about iptables so I couldn't even say. Also, there are tons of
Linux-based firewalls out there like Smoothwall that would be nice to know
about.

The security tools I've used are firewalls and anti-virus tools, mostly on
Windows. I use ipchains on my own Debian GNU/Linux box, but I wouldn't say
I know it well by any means. I have also used tools to check the security of
passwords, etc., but these have also all been Windows-based.

When I was working with firewalls, I used to read firewalls
(http://lists.gnac.net/mailman/listinfo/firewalls) and firewall-wizards
(http://list.nfr.com/mailman/listinfo/firewall-wizards) regularly, but now I
just subscribe and ask a question when I need to.

Jen



