Ceci est une ancienne révision du document !
From Michael Lewis: What issues do we have when finding open WIFI in our neighborhoods and in using them? Using a directional antenna the connections are good, fast and usually reliable, but the sources are unknown. What protection would be recommended for everyday use of WIFI , especially for those of us who may pay a bill or order from Ebay using these free sources?
MB: The main risk with WiFi is transmitting data through the air and then putting it onto someone else’s network. These areas – which you can’t control yourself – have a higher risk of interception by others. To some extent you can minimize the risks by using HTTPS; it’s supported by most sites where sensitive data is transmitted. If you use free sources, be aware of possible snooping by others, and encrypt as much as possible (web browsing, e-mail, IM).
From John Daniels: How would I go about sending the logs from all workstations and servers to a GNU/Linux box for analysis? What is the best tool to collate the logs from various OSes and formats?
MB: To correlate and analyze log files, it is preferred to have them stored in a similar way. GNU/Linux systems use syslog for that. While, normally, data is stored only locally in /var/log, most syslog daemons can be adjusted to send their data to a (central) remote syslog host. For Windows based systems, there are other solutions; there are also tools which support syslog and send the data in the same way as GNU/Linux machines. After collecting, there are different tools available to work with the data, from log parsing to more advanced event correlation.
From SkyAisling: What are your thoughts on UEFI?
MB: As with all standards, they usually take some time to be properly implemented. At this moment, I see many people with a lot of boot issues when setting up dual boot (with GNU/Linux). The idea behind UEFI however is great. If you want to protect a system, all layers have to be protected. UEFI tries to be the glue to avoid malicious code sneaking into the boot process. It’s also this area which is the most important one to watch, because once malware is in, it can start spreading (into memory, OS, etc).
From PieterCloete: How safe are my Ubuntu systems from virus attacks, and what is the best software to stop them – if needed.
MB: Normal viruses – like we have seen in the period of MS-DOS – are nowadays not much of a risk. Worms, trojan horses and malicious scripts are still a serious threat to every operating system. Gladly, there aren’t many worms which attack Linux systems. Diversity of Linux systems might be one reason why malicious code might work on Red Hat, but not on Ubuntu, for example. My advice for making sure a system stays secure is to stay up-to-date with software patches. Perform testing of unknown scripts or new software in a dedicated virtual machine, and audit your system. In all cases, your system is as secure as the weakest link. My tool, Lynis, might help to uncover these areas and provide tips for additional software to keep systems secure. For malware, in particular, you could use tools like ClamAV, Rootkit Hunter, Chkrootkit, OSSEC and LMD.
Michael Boelen is the author and project lead of Lynis. His company CISOfy provides security guidance to individuals and companies by sharing open source software, support and knowledge. He loves sport, reading, and enjoying life with friends.