Words to the Wise

We believe good security is good system administration and vice versa. Most of this chapter is just common-sense advice. It is probably sufficient for most circumstances, but certainly not for all.

Make sure that you know if there is an existing security policy that applies to your network or system. Find out if your security situation is governed by regulations or laws. If there are policies, regulations, or laws governing your situation, make sure to obey them. Never do anything to undermine the security system established for your site.

No system is completely secure. No matter what you do, you will have problems. Realize this and prepare for it. Prepare a disaster recovery plan and do everything necessary so that, when the worst does happen, you can recover from it with the minimum possible disruption.

A large list of security publications can be found at http://csrc.nist.gov/secpubs. If you want to read more about security, we recommend the following resources:

  • RFC 1244, Site Security Handbook, P. Holbrook, J. Reynolds, et al., July 1991.

  • RFC 1281, Guidelines for the Secure Operation of the Internet, R. Pethia, S. Crocker, and B. Fraser, November 1991.

  • Windows NT Server 4 Security Handbook, Lee Hadfield, Dave Hatter, and Dave Bixler, Que, 1997.

  • Building Internet Firewalls, Brent Chapman and Elizabeth Zwicky, O’Reilly & Associates, 1995.

  • Firewalls and Internet Security, William Cheswick and Steven Bellovin, Addison-Wesley, 1994.
