The five basic goals of system configuration
December 20th, 2006
In an article by Bruce Byfield, Configuration: the forgotten side of security, I was one of several people interviewed about proactive security. In response to one question about best practices for configuring UNIX systems, I provided five goals that I use in building systems. I did not think that it would be included in the article or even a section.
Here are the goals:
1) Build for a specific purpose and only include the bare minimum needed to accomplish the task.
2) Protect the availability and integrity of data at rest.
3) Protect the confidentiality and integrity of data in motion.
4) Disable all unnecessary resources.
5) Limit and record access to necessary resources.
These goals are intentionally generic. The specifics of implementation vary based on the operating system and software used. There are many security configuration guides available for every operating system. The problem is that these documents become outdated quickly. (I am intimately familiar with this problem, having written one for Solaris [PDF] and updated it three times.) Having a generic set of goals helps guide the implementation regardless of the systems and software used.
