Today was the last day of Rik Farrow's excellent Hands On Linux Security class held by DKUUG. It wasn't actually Linux-centric at all, but everyone knows that Linux sells, so I think it's OK to call it something with Linux. Securing a network is about the same regardless of operating system, with the notable exception of Windows. Windows is too stupid, buggy and badly designed to be "securable."
We used RedHat 9.0 boxes with a few trojans and rootkits installed that we were supposed to find. I was a little slow to it, as I haven't touched Linux in 2-3 years. It makes it quite hard to spot files that shouldn't be there, though I learned that 'rpm -qf /path/to/suspect/file' is a great tool for that sort of stuff. There are obvious caveats, since a rootkit could simply be installed from a perfectly normal RPM package.
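The same `rpm -qf` check, run over whole directories instead of one suspect file, as an added example that is not from the class or the original post. The `OWNER_CHECK` variable and the script name `sweep.sh` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sweep directories for files that no installed RPM claims.
# OWNER_CHECK is a hypothetical override so the logic can be tried with a
# stub on a machine without rpm; by default the check is `rpm -qf`.

# Succeeds (exit 0) when some installed package owns the file.
owned_by_package() {
    # Deliberately unquoted so the default "rpm -qf" splits into two words.
    ${OWNER_CHECK:-rpm -qf} "$1" >/dev/null 2>&1
}

# Print each regular file under the given directories that no package owns.
list_unowned() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue          # skip paths that do not exist
        find "$dir" -xdev -type f 2>/dev/null |
        while IFS= read -r f; do
            owned_by_package "$f" || printf '%s\n' "$f"
        done
    done
}

# Run only when directories are given, e.g.: sh sweep.sh /bin /sbin /usr/bin
if [ "$#" -gt 0 ]; then
    if [ -z "${OWNER_CHECK:-}" ] && ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not found; every file would be reported" >&2
        exit 2
    fi
    list_unowned "$@"
fi
```

A file that passes this sweep is only claimed by some package, so a rootkit installed from an RPM, the caveat mentioned above, would not be listed.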
Lots of other things were discussed, the pace was fast, and it would have been nice if we'd had a day or two more to dig deeper into some things, but we didn't.
Rik is a really nice guy, he has lots of experience, and he's a good educator. It was a very good course/class/seminar/whatever you want to call it, and it is always nice to meet new people with similar interests. It's hard not to get away with some new handy tricks up your sleeve.
Maybe I should learn how to become an obnoxious internet cam whore in five easy steps (Thanks reverse). Maddox is always funny.