Security Tips for IT

Security Tips for IT

General Security Also, Windows, Linux & Solaris Best Practices

Account Security

• Access to your account on any system by another party is prohibited
• Accounts are equivalent to signing your name on a tangible document. Anything done with these accounts under your name is your responsibility and you may be liable for it.
• Accounts setup for group use is prohibited

Auditing

• Review security event logs on a regular basis
  • It is useless to generate event logs if one is not going to monitor them

Backups

• Perform full backups weekly
• Store full backups offsite once per month
  • Periodically test the backups for integrity

Business Resumption Plan

• Each college, school or department should have a business resumption (continuity) plan
  • In case of a disaster, such as a hurricane, you need to have critical systems back on-line as quickly as possible
• Keep good inventory

Drive Mapping

• Administrators must take precautions when logging into workstations that have drive mappings to their servers. Many viruses will propagate using the mapped drive. If an administrator has full access to servers and logs-in to a workstation that has a drive mapped to a server, and the workstation happens to be infected with a worm, it will infect the server as well.
  • Administrators should use an account with limited permission to servers when troubleshooting a workstation. Or, have the regular user login to the workstation

FTP, SSH and Web Servers

• Disable anonymous FTP
• Disable version banners
• Set filters/wrappers based on IP addresses to deny access to unwanted hosts
• Run these services/applications with user permissions other than administrator or root

Hardware Disposal

• When disposing magnetic media such as hard drives, diskettes, or tapes, make sure that they are erased first

Install Latest Patches

• Install all vendor recommended service and security patches
  • To accomplish this in an automated way for common operating systems, please check the Security Tools page
• Links to web sites to obtain current patches for your operating system:
  • Microsoft http://www.microsoft.com/technet/itsolutions/security/current.asp
  • Apple - Mac OS http://www.apple.com/support/security/security_updates.html
  • Novell http://support.novell.com/misc/patlst.htm
  • Linux Distributions
    • Redhat http://www.redhat.com/security/updates/
    • SCO (Caldera) http://www.caldera.com/support/security/
    • Mandriva http://www.mandriva.com/security
    • SUSE http://www.suse.com/us/support/security/index.html
  • Berkeley Standard Distribution (BSD)
    • FreeBSD http://www.freebsd.org/security/security.html
    • OpenBSD http://www.openbsd.org/security.html
    • NetBSD http://www.netbsd.org/Security/
  • Solaris http://www.sun.com/software/solaris/downloads.html
  • HP/Unix http://www.software.hp.com/SUPPORT_PLUS/
  • Aix http://techsupport.services.ibm.com/rs6k/ml.fixes.html
  • SGI http://www.sgi.com/support/security/patches.html

Modems

• Avoid the use of modems on the network
  • Unmanaged or poorly managed desktop modems pose a risk to PC

Passwords

• Passwords should be a minimum of 6 characters, including numerals
• Never share passwords with anyone
• Change passwords at least every sixty (60) days

SSH (Secure Shell)

• Use SSH instead of Telnet or rlogin
• A good program to use is Putty. Download here

Time Synchronization

• To effectively investigate compromises or security incidents it is necessary to have clocks synchronized to a common system (NTP - Network Time Protocol)
  • Install synchronizing software such as Netlab for Windows
  • 
    

Viruses

• All systems must run an anti-virus software package
  • Make sure to budget to renew your antivirus definitions service on a yearly basis. Many programs come with one free year of upgrades, but you need to budget (usually < $15) to keep your antivirus upgrade access current.
  • You should update your virus definitions on a daily basis.
• Inform systems administrators as soon as a virus has been detected
• Check Security Tips for Everyone for further tips.

Windows Best Practices

• Review Computer Security Standards
• Subscribe to security web sites, such as Microsoft’s Technet
• Insure that all critical data is stored on NTFS partitions
• Verify that the Administrator account has a strong password
  • Prevent Null user sessions
• Unbind unnecessary protocols
• Remove additional OS installations. Install only what you need
• Always install the latest security patches available from the vendor. See above.
  • Update your operating system regularly – crackers take advantage of vulnerabilities reported by vendors
• Disable unnecessary services. Run only the services that are necessary
• Turn off auto run for CD-ROM
• Review security event logs on a regular basis
• Make frequent backups

Above

Linux Best Practices

• Review Computer Security Standards
• Subscribe to security web sites and mailing lists (i.e., www.securityfocus.com, www.linuxsecurity.com, etc.)
• Change or disable passwords for all default accounts
• Make sure you choose a secure password for root
• Install sudo to enhance control over root access
• Always install the latest security patches available from the vendor. See above.
  • Update your operating system regularly – crackers take advantage of vulnerabilities reported by vendors
• If you are using Red Hat Linux, use up2date to update your system packages
• If you are using Debian, use apt-get to update your system packages
• Disable all network services in /etc/inetd.conf and enable only those you need
• If you are using Redhat, make sure to disable the linuxconf line in inetd.conf (if it exists)
• Check your runlevel startup files to make sure things you don't want are not starting up.
  • Example: For System V-like systems, this would be in /etc/rcX.d, where X is the value of the runlevel your system boots into by default. For BSD-like systems, this would be in /etc/rc.common or /etc/rc.
  • Check your system documentation if unsure of your init system.
• Disable RPC (portmap, etc) unless you need Sun services such as NFS
• Disable LPD unless you need to use the machine for printing purposes
• Install Secure Shell (Open SSH) for remote access
• Consider using tcp wrappers to control access to your machine over the network
• Remove /etc/hosts.equiv
• Control remote access to system by modifying /etc/hosts.allow and /etc/hosts.deny
• Make sure you are running the latest version of Sendmail. You may consider using Postfix, Qmail, or Exim
• If you are running an ftp daemon, consider using Proftpd
• Make frequent backups

Above

Solaris Best Practices

• Review Computer Security Standards
• Subscribe to security web sites (i.e., www.securityfocus.com)
• Change or disable passwords for all default accounts
• Make sure you choose a secure password for root
• Always install the latest security patches available from the vendor. See above.
  • Update your operating system regularly – crackers take advantage of vulnerabilities reported by vendors
• Disable all network services in /etc/inetd.conf and enable only those you need
• Remove startup scripts for sendmail and web servers if you don’t need those services
  • Make sure you are running the latest version of Sendmail. You may consider using Postfix
• You should be especially careful with the r-services. They are often not needed and can pose a significant security risk
• Use the Secure Shell (SSH) instead of telnet
• Control access to your machine by installing both tcp wrapper and Wietse Venemaís version of portmap for SunOS or rpcbind for Solaris
  • These utilities cover different groups of network services, so you need both of them
• Run syslog, and save the output
• Consider installing and running swatch, which will notify you when specified events happen. Even if you decide not to run swatch, syslog output can be very useful in tracing an incident once it happens
• Remove /etc/hosts.equiv
• Do not have a .rhosts file without good reason
• If you are running ftp daemon, consider using Proftpd
• Make frequent backups

TIPS: Recover Scratched CDs

TIPS: Recover Scratched CDs

Don't you feel like crying every time you add another disc to
your pile of scratched discs. Trashing that disc which contained
your favorite songs, pics, files, games or videos is not easy.
Read-on, if you find yourself wishing for a miracle every time
your fav CD is scratched:

Home Remedy :

Here's an easy home remedy, which might give you
the desired results. Rub a small amount of toothpaste on the scratch
and polish the CD with a soft cloth and any petroleum-based
polishing solution (like clear shoe polish). Squirt a drop of
Brasso and wipe it with a clean cloth.

Technology to the rescue:

There are many softwares available on the
net, which enable the recovery of the CD data. BadCopy Pro is one
such software, which can be used to recover destroyed data and
files from a range of media.

Just a few clicks is all it requires to recover the disc from almost all
kind of damage situation; be it corrupted, lost data, unreadable
or defective.

D

iskDoctors is another popular company, which offers both software
and solutions to recover data from a scratched CDs and DVDs

General Tips:
* Always wipe the CD from the center outward with straight spoke-like
strokes. Wiping CDs in circles will create more scratches.
* Do not scratch the graphics layer as you cannot repair the disc.
HINT: Hold the disc up to a light with the graphics layer facing
the light source. If you can see light thru the scratches at any
point then the disc may be irreparable and or exhibit loading
or playing errors.
* Clean your Disc players lens regularly with a suitable product to
ensure optimal viewing pleasure.
* Make sure to use a soft, lint-free cloth to clean both sides of the
disc. Wipe in a straight line from the centre of the disc to the
outer edge.
* If wiping with a cloth does not remove a fingerprint or smudge,
use a specialized DVD disc polishing spray to clean the disc.
* Only handle the disc by its outer edge and the empty hole in the
middle. This will help prevent fingerprints, smudges or scratches.


Statistics:
*Finger marks/ prints cause 43% of disc problems.
* General wear & tear causes 25% of disc problems.
* Player-related issues cause 15% of disc problems.
* User-related issues cause 12% of disc problems.
* PlayStation 2 machine scratches cause 3% of disc problems.
* Laser rot (a manufacturer error) causes 2% of disc problems.

Web Hosting - Choosing The Wrong Server Will Literally Make Or Break You

Web Hosting - Choosing The Wrong Server Will Literally Make Or Break You

Over the last couple of years Virtual Web Hosting has been the only way to go when choosing a web server. One of the reasons that Virtual Web Hosting became so popular was because they supported the necessary files and allowed you to have more freedom than other conventional web hosts. But now you can have more freedom than ever before with Virtual Private Servers. Moreover, Virtual Private Servers should not be confused with Virtual Hosts, because they are completely different.

Over the last couple of years Virtual Web Hosting has been the only way to go when choosing a web server. One of the reasons that Virtual Web Hosting became so popular was because they supported the necessary files and allowed you to have more freedom than other conventional web hosts. But now you can have more freedom than ever before with Virtual Private Servers. Moreover, Virtual Private Servers should not be confused with Virtual Hosts, because they are completely different.

Before I go any further I must explain what the difference is between a Virtual Host and a Virtual Private Server, so that you can fully understand. In this article I will also go over the advantages and disadvantages of both types of servers, to help you decide which is right for you and your business. Let's get started with Virtual Hosting.

Virtual Hosting

Virtual Hosting is also known as Shared Web Hosting, where you are sharing the physical server and a single set of software applications with other users. Virtual Hosting has been extremely popular in the past for it's fast deployment, strong resources, and most importantly for having a very reasonable price. Another advantage to Virtual Hosting is that you have a powerful, reliable, and professionally managed server without having to have advanced technical skills, making it ideal for an individual, small business, or even a beginner webmaster.

The disadvantage of Virtual Hosting is that you are sharing the server with other users, which are configured and controlled by an administrator, not you. So basically you have your hands tied behind your back, because you have to contact the administrator everytime you have to adjust or change your configuration settings. Even if you managed to get a hold of the administrator, they may not fulfill your request. It's up to them, they are the administrator. If you were the administrator you wouldn't have these limitations and would have full control.

Virtual Private Servers

Virtual Private Servers are a hot topic these days and for a good reason. Before I get into the advantages of a Virtual Private Server, let explain what it is first. A Virtual Private Server is a single server that is partitioned at the root into multiple dedicated servers. This allows you to share the cost of the network connectivity, hardware, and system maintenance with other hosting customers, while maintaining your flexibility and freedom.

The real advantage of Virtual Private Servers is that they allow you to have complete control and they have the security advantages of a dedicated server at the fraction of the cost. You have access to the virtual root, Telnet, web configuration files, and full CGI-BIN access. I can't forget to mention that you also have access to your password, aliases file, and sendmail configuaration file. For many reasons you can see that a Virtual Private Server is an excellent solution for small to medium size businesses that have an increasingly complex needs.

Moreover, there is one disadvantage with Virtual Private Servers, you need to have some program knowledge to control and configure the settings. Sounds overwhelming, most businesses that offer Virtual Private Servers have very detailed manuals making them easier to configure and control no matter what your program level is.
Which one is right for you? Well, that all depends on you and the size of your network.

If you have or plan on having just one web site and have absolutely no programing knowledge, then Virtual Hosting is the recommended and economical way for you to go. A Virtual Host can cost anywhere from $20 - $50 a month for an account, rather than a $100 or more for a Virtual Private Server.

On the other hand, if you have a larger network that requires multiple web sites, like ours, and you have some programing knowledge, then a Virtual Private Server is ideal for you. You can host up to 50 web sites on a Virtual Private Server account, instead of having multiple Virtual Hosting accounts, which is not as economical.
When it comes time to get a web server, make sure that the server fits your needs and that it supports the essential software for a prosperous online business.

A Good Collection Of Computer Tips And Tricks

A Good Collection Of Computer Tips And Tricks

Information About Online Degrees And Trainings
http://directdegree .info

Infromations About Online Learning
http://itutorial. info

Free Data Recovery Softwares, Free Anti Virus Softwares
http://diskdoctor. info

Cheap Cell Phones
http://krzrmotorola .com

Informations About CCNA,CCNP, MCSE,MCSD, Network Certifications
http://ciscocertifi cations.info

Travel Asia,Travel India, Paramount Airways
http://paramountair ways.co.in

Find Tips To Avoid Virus Infection
http://1.itutorial. info/avoidvirusi nfection

Learn How To Install XP Cleanly
http://1.itutorial. info/cleaninstal lXP

Find Tips About Digital Photography
http://1.itutorial. info/digitalcame ra

Find What You Do Not Know About DNS
http://1.itutorial. info/DNSTutorial

What You Must Know About IP Address
http://1.itutorial. info/IPAddresstu torial

Find Tips To Avoid Virus Infection
http://1.itutorial. info/avoidvirusi nfection

Learn How To Link XBOX To Computer
http://1.itutorial. info/LinkXboxToC omputer

Online Linux Tutorial
http://1.itutorial. info/linuxtips

Find Mobile Phone Secret Codes
http://1.itutorial. info/MobilePhone SecretCodes

Information About Online Degrees And Trainings
http://directdegree .info

Cheap Air Travel,Cheap Air Fare, Paramount Airways
http://paramountair ways.info

Information About Mutual Funds
http://easymf. co.in

Learn About Over Clocking
http://1.itutorial. info/Overclockin g_Tutorial

What You Must Know About Packet attack
http://1.itutorial. info/packettack

Do You Know There Are Over Hundred File Extension?
http://1.itutorial. info/PcFileExten tionListing

Find Tips To Improve Your PC's Graphic Performance
http://1.itutorial. info/PcGraphicsP erformance

PC Maintenance Tips
http://1.itutorial. info/PCMaintenan ce

Online Registry Tutorial
http://1.itutorial. info/RegistryTut orial

Find Tips To Tweak With Registry
http://1.itutorial. info/RegistryTwe aks

Online TCP/IP Tutorial
http://1.itutorial. info/TCPTutorial

Free Data Recovery Softwares, Free Anti Virus Softwares
http://diskdoctor. info

Informations About CCNA,CCNP, MCSE,MCSD, Network Certifications
http://ciscocertifi cations.info

Informations About Forex, Forex Trading
http://tradingforex online.info

Find Tips To Make Computer Faster
http://1.itutorial. info/TipsToMakeC omputerFaster

What You Do Not Know About Windows
http://1.itutorial. info/UntoldWindo wsTips

Online Virtual Memory Tutorial
http://1.itutorial. info/VirtualMemo ry

Learn How To Calcule Wattage Consumption Of Your PC
http://1.itutorial. info/WattageCons umption

Learn About Windows Hidden Files
http://1.itutorial. info/WindowsHidd enFiles

How Many Windows Shorcuts Do You Know Of ?
http://1.itutorial. info/windowsshor tcuts

Find Some Nice Windows XP Tips
http://1.itutorial. info/windowsxpti ps

Online Unix Tutorial
http://unixtutorial .tripod.com

Infromations About Online Learning
http://itutorial. info

Infromations About Home Loan, Personal Loans
http://loanonphone. info

Travel Asia,Travel India, Paramount Airways
http://paramountair ways.co.in

For More Such Tutorials Please see my Blog Often
http://realbrain.blogspot.com

Questions to Ask the Interviewer

Questions to Ask the Interviewer

Although they don’t require great acting ability to deliver, asking appropriate questions demonstrates your interest in the job. It also gives you the opportunity to lead the interviewer
into your strongest areas.
Your questions and the interviewer’s answers shouldn’t exceed 10 percent of the total interview time. Because you don’t know how long the interview will last, just ask a question
after you have answered around nine of them. Don’t sit there writing tally marks on your resume, just mentally keep track. If you ask two questions, wait a little longer before you ask about something else.
Questioning must be done naturally at opportune times, and in a nonthreatening manner. No question should be asked unless you are certain the answer will make you appear interested, intelligent, and qualified.
Proper questioning helps you align your answers to the areas
the interviewer considers significant. It also gives you feedback to check your alignment. Listen for company and industry buzzwords to use as the interview progresses. Above all, don’t interrupt or argue with the interviewer. You’re asking
only to be able to play to your audience more effectively, not to rate or berate it.
The average applicant talks about 85 percent of the time during an interview. That’s why average applicants don’t get hired. They’re amateur solo acts with monotonous monologues
who nervously bang their gums on the interviewer’s drums. Then both of them march out the door together, and only the interviewer returns

Applicants who get hired zip the lip 50 percent of the time. This is one of the most accurate indicators of whether an offer will be extended—and you can control it.
Use questions as zippers to help you. Don’t ask personal, controversial, or negative questions of any kind. Stay away from asking anything that will lead into sensitive areas. Invariably,
salary and benefits should be avoided—I’ve shown you how to answer properly the interviewer’s questions about them.
Here are examples of benign questions that have a favorable
impact, adapted from The Placement Strategy Handbook.



SCRIPT
1.How many employees does the company have?
2.What are the company’s plans for expansion?
3.How many employees does the department have?
4.Is the department a profit center?
5.Does the department work separately from other departments?
6.Are the functions of the department important to senior management?
7.Is the relationship between the department and senior management favorable?
8.What is the supervisor’s management style?
9.What is the supervisor’s title?
10.To whom does the supervisor report?
11.Are you ready and able to hire now?
12.How long will it take to make a hiring decision?
13.How long has the position been open?
14.How many employees have held the position in the past five years?
15.Why are the former employees no longer in the position?
16.How many employees have been promoted from the position in the past five years?
17.What does the company consider the five most important duties of the position?
18.What do you expect the employee you hire to accomplish?


BENEFITS QUESTIONS
Though, of course, you will need—and have a right—to ask the following questions, the key is knowing when to do so. Under no circumstances do you want to spring these questions
on the interviewer early in your conversation; doing so will make it seem as if you were more interested in what the company can do for you, when at this juncture what you want to get across is what you can do for the company.
The best advice for raising these questions is to have them firmly in mind so that you can ask them at the appropriate times during the interview. And if you’ve followed all the advice
so far in the book, you will know when these times are. In general, however, many of these questions will probably be part of

the salary negotiation process

1. What type of medical insurance benefits
program does the company offer? Is more
than one type of program available?
[Be sure to follow the first question with questions 2 and 3.]
2.What is the extent of the coverage of the
program [or various programs, if more than
one]?
3.Does the company pay for the coverage in
whole, or must the employee contribute? If
the latter, what percentage?
4.What is the sick leave policy?
5.What is the vacation benefit for this position?
6.Is it possible to join a retirement plan? If so, is it contributory or noncontributory?
7.Does the company have a profit-sharing plan? Is documentation of its payout history available?
8.Is there a 401(k) plan? If so, how is it
structured?
9.Are there other savings or investment
programs employees can choose from?
10.Will the company arrange for and pay for my moving expenses?
11.[In the case of a homeowner] Will the company assist in the sale of my current home and the search and purchase of my new home? Does the company reimburse closing costs on these transactions?
12.[In the case of a renter] If my landlord is unwilling to release me from the time remaining on my lease, will the company assume the balance of the monthly payments for the extent of the lease?
13.Will the company help with real estate loans, if necessary? If so, under what terms?

The Art of selling yourself! Some Useful tips with Resume Format...

The art of selling yourself! Some Useful tips with Resume Format...


What's a CV or resume?


It's simply an advertisement that helps you sell yourself to an employer.

It needs to present your skills and experience in the best possible light and emphasize your suitability and potential for the job.

That is why it is a good idea to spend time on preparing a targeted, effective, error-free document that will impress a potential employer.

Employers see a lot of CVs, so avoid imitating standard CV samples. You can score bonus points instead if your CV is just that little bit different and has your own personal stamp.

Some tips:

· Always print your CV on a standard A4, plain white or pale coloured paper. Use matching envelopes.

· Always send a brief customised letter with any CV that you send out.

· Presentation is extremely important, so make sure your CV is typed or word-processed.

· It should be well laid out and printed on a good quality printer.
· Leave plenty of space between paragraphs and allow adequate margins.
· Use plain English. Avoid professional jargon.
· Keep paragraphs short -- preferably no longer than five or six lines.
· Your entire CV should not exceed two pages in length -- but if your breadth of experience merits it, you can justify a CV that runs to four pages.
· Use bold lettering and/or underline print for headings.
· Do not use lots of different font types and sizes. You are not designing a magazine cover!
· Use plenty of white space. Remember to leave a decent margin on all four sides of the page.
· Consider using 'bullets' to start sub-sections or lists.
· Use positive language and adopt a confident tone.
· Be careful with dates. Make sure every year is accounted for. Employers will get suspicious if they see too many gaps.

The main section of your CV

1. Personal details:

· Name
· Address
· Telephone/cellphone number/s (and e-mail)
· Date of birth
· Nationality

2. Education:

· Details of your university education
· School
· Work-related training

3. Work experience:



List past employment details in reverse chronological order, with the most recent first. Always reserve more space for your most recent or current position.

Names of past employers, along with the date of appointment and the date you left, and a brief outline of responsibilities is essential. Some employers also like to see a brief description of the companies and a summary of their business.

Always include your specific contributions to each job, listing related responsibilities and achievements with each entry, rather than in a separate section.

List any affiliation to relevant professional associations.


4. Skills:

Employers are often interested in specific skills you have acquired, such as


· Foreign languages
· Computing languages or packages
· Keyboard skills
· Driving ability
· Try to give specific details, for example, about your level of proficiency in foreign languages, degree of familiarity with computer packages, and so on.

5. Interests and activities:

Do not just list your interests. Show how they have helped develop skills a potential employer will value.



6. References:

For references, choose people who can comment on different aspects of your professional personality. Two references are usually enough. Only give three if there is another person whose opinion you feel your potential employer really needs to hear.


General tips:


· It can be good to start with a personal profile/objective statement. This is a two or three sentence overview of your skills, qualities, hopes and plans. It should encourage the employer to read the rest. You could add a photo of yourself. Make sure it is a good one!

· You may vary the style according to the type of job. A big company would normally expect a formal CV on white paper. But a CV applying for a television production or graphics designer job could be less formal -- in such cases you can use coloured paper, unusual design, etc.

· Don't include the date the CV was prepared -- this will shorten its usefulness.

· Never state specific objectives. These are more effective when you include them in your covering letter.

· Check that both your CV and covering letter are completely free of errors. Spelling mistakes will definitely detract from your application. Proof read both documents thoroughly. Get a friend to proof read them as well.

· Keep an ongoing file of your achievements, no matter how insignificant they may appear -- one day they'll make the basis for a good CV.

· Remember to give each of the people you've mentioned a reference copy of your CV.

· Re-read your CV before any interview -- chances are the interviewer will too and you must know what's in it.