bastille setup concerns

[Eric Gilliland]

>See, this is the Microsoft Market - trust someone else to do it for >you, 
>trust that they didn't keep a copy of the key.
>
>What about reading throughout the Bastille docs, and looking at the >issues 
>they mention one at a time?

Actually, I was planning to read the docs for Bastille before starting it.  
If I was really the MS market, I wouldn't even be putting up with the hassle 
of trying to learn linux, I'd just update to XP and go about my merry, 
clueless way, wouldn't I?

I was only concerned about making the right choices, since my knowledge is 
limited at this point.

> > -----Original Message-----
> > From: Eric Gilliland [mailto:jegilliland at hotmail.com]
>
> > I am planning to run the InteractiveBastille tonight after
> > work.  I'm not sure your confidence that I know best what
> > should be turned on and off is deserved, but I'll try.
>
>See, this is the Microsoft Market - trust someone else to do it for you,
>trust that they didn't keep a copy of the key.
>
>What about reading throughout the Bastille docs, and looking at the issues
>they mention one at a time?
>
>I know that if this is your only PC, and it's front-line on the Internet
>without a firewall or anything, you're taking a risk.  That's why I try to
>get people to learn Linux on a non-production non-essential box, so there's
>no pressure to use configuration programs that "think for you", and you can
>learn what you're doing and why.
>
>I know of a company that's trying to roll out VPN, and they're having Zone
>Alarm installed on each system.  Great for you or me - lots of features,
>logging and reporting.  But I'm dealing with people who can't follow three
>lines of literal instructions every day, and putting Zone Alarm on their
>computer is basically signing up for hours of service calls.  It would be
>more cost effective to give them each an SMC Barricade with remote admin
>enabled.
>
>You should consider this - build a very basic Linux firewall, with the LRP
>or following a HOWTO that will walk you through the steps one-by-one.  Then
>put your workstation behind it, and start looking at security HOWTO's and
>stuff like Bastille, and figure out just how much of the admin you want to
>turn over to some stranger in France or Redmond.
>
>The first thing I do is I rip out linuxconf, and anything else that has 
>it's
>own config scheme that overwrites the settings of the standard, text-based
>config files.  Then _I_ set up xinetd, _I_ set up the firewall rules, and I
>go one step at a time through securing what needs to be secured.
>
>Bastille is great, but if you read it carefully you'll find out that 
>there's
>a bunch of stuff you don't need to worry about.

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.