Penetration Testing mailing list archives
Re: resources for system level security?
From: Artis Schlossberg <artis () infosec lv>
Date: Sat, 10 Dec 2011 21:03:17 +0100
For Linux, a good starting point is a hardening guide by NSA: http://people.redhat.com/sgrubb/files/hardening-rhel5.pdf Although it covers RHEL specifically, many points apply to other distributions too. I'd then also look at checklist provided by SANS Institute: http://www.sans.org/score/checklists/linuxchecklist.pdf Guide to General Server Security from NIST is also worth mentioning: http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf These are a good starting point, not an exhaustive material on the subject matter. There are some good books that cover this; search your library. ---Artis 2011/12/6 최봉환 <zilly1 () naver com>:
Hi all, I started to work of focusing on linux system level security. Mostof the servers are providing web services. Although I have been working on application pen testing, I havelittle experience to handle with security issues of system or OSitself. Could you recommend where I should start for it? (useful books, web sites, or concepts/terminology I have tounderstand) Any advice would be highly appreciated.
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- resources for system level security? 최봉환 (Dec 05)
- Re: resources for system level security? Artis Schlossberg (Dec 10)