Pointers solicited

Pointers solicited
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Pointers solicited Dorsai 07-13-2004
Posted by Dorsai on July 13, 2004, 8:42 am
If you were  Registered and logged in, you could reply and use other advanced thread options
I'm (obviously) new to the computer security deal, and was hoping someone
would be kind enough to point me toward some decent reference materials on
day-to-day computer security operations. I'm looking for things like:

* At what point does port scanning become 'hostile'?
* Is there any _legitimate_ reason to try and get a list of cgi scripts?
* What is a good 'tolerance level' for security (ie, one scan free, then
complain? Zero tolerance? Other?)
* Any automated tools (Linux/Windows) to go with the above?

Any help would be appreciated; I want to try and get this right without
bashing my head against the wall (can't stand the soft, squishy sound it
makes)...

--
* * * * * * * * * * * * * * * * *
Dorsai - Author of Erotic Fiction
http://www.asstr.org/~Dorsai
* * * * * * * * * * * * * * * * *
"Duct tape is like the Force. It has a dark side, it has a light side, and
it holds the Universe together." -Carl Zwanig


Posted by Bill Unruh on July 13, 2004, 4:53 pm
If you were  Registered and logged in, you could reply and use other advanced thread options



]I'm (obviously) new to the computer security deal, and was hoping someone
]would be kind enough to point me toward some decent reference materials on
]day-to-day computer security operations. I'm looking for things like:

]* At what point does port scanning become 'hostile'?

At the point at which they try to do something other than scan at one of
the ports, and that something is hostile.

]* Is there any _legitimate_ reason to try and get a list of cgi scripts?

Maybe.

]* What is a good 'tolerance level' for security (ie, one scan free, then
]complain? Zero tolerance? Other?)

Sorry, this is not security we are talking about here. Security is about
making sure that hostile acts cannot result in anything. It is not about
complaining.
As in most of life, complaining accomplishes very little.

]* Any automated tools (Linux/Windows) to go with the above?

lots, except I have no idea what "the above" refers to.
Firewalls, logs,...

]Any help would be appreciated; I want to try and get this right without
]bashing my head against the wall (can't stand the soft, squishy sound it
]makes)...

Get what right? I think the first thing you need to do is to decide what y
ou want to accomplish.



]--
]* * * * * * * * * * * * * * * * *
]Dorsai - Author of Erotic Fiction
]http://www.asstr.org/~Dorsai
]* * * * * * * * * * * * * * * * *
]"Duct tape is like the Force. It has a dark side, it has a light side, and
]it holds the Universe together." -Carl Zwanig



Posted by abc on July 20, 2004, 4:55 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Dorsai wrote:

> I'm (obviously) new to the computer security deal, and was hoping someone
> would be kind enough to point me toward some decent reference materials on
> day-to-day computer security operations. I'm looking for things like:
>
> * At what point does port scanning become 'hostile'?
> * Is there any _legitimate_ reason to try and get a list of cgi scripts?
> * What is a good 'tolerance level' for security (ie, one scan free, then
> complain? Zero tolerance? Other?)
> * Any automated tools (Linux/Windows) to go with the above?
>
> Any help would be appreciated; I want to try and get this right without
> bashing my head against the wall (can't stand the soft, squishy sound it
> makes)...
>

You can order some free training materials from DISA here:

http://iase.disa.mil/ars/cgi-bin/arweb?Form=useschema&s=mattche&S=ETA:Product-Rqst&Act=Submit

Check out some NIST publications:

http://csrc.nist.gov/

SecurityFocus has lots of information:

http://www.securityfocus.com/

Or these guys:

http://www.cymru.com/



Similar ThreadsPosted
Looking for pointers to get started with e-signature August 19, 2004, 1:26 pm
Pointers required for mysterious Sending Mail message in Ooutlook November 30, 2004, 12:25 pm

The site map in XML format XML site map

Contact Us | Privacy Policy