General Steps to Increase System Security
- Preparation: The first step is to understand security by doing research and then use that knowledge to plan your defense.
- Planning: Security is an ongoing process, not just something you do once. Planning should be continual. Any security plan is only as good as its weakest point. After an attacker breaches a single point of defense, the other points become easier to breach. The security plan should also include training, auditing, and so on. It should also include steps to report and repair hosts after a breach. The quicker a breach is caught and corrected, the less time an attacker has to compromise other systems.
- Prevention: It is much easier to prevent an attack than to recover from one. One can use multiple strategies to accomplish prevention:
  - Monitoring for unsuccessful attack patterns
  - Vetting and verification of identity
- Postvention: This is just a fancy term for learning from your mistakes. Looking for signatures of a successful attack, notifying authorities, closing a discovered vulnerability, and fixing the affected systems are examples of postvention. Monitoring for breaches is very important. Some common monitoring tools are Chkrootkit, Tripwire, and Logwatch.
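
As an added illustration (not part of the original text), the sketch below covers both kinds of monitoring named above in one pass over an authentication log: repeated failures that never succeed (an unsuccessful attack pattern) and a success that follows repeated failures (a possible signature of a successful attack). It assumes OpenSSH-style syslog lines; the function name `review_auth_log`, the threshold of 3, and the sample log are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH sshd syslog format (not from a real host).
SAMPLE_LOG = """\
Mar  4 02:11:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  4 02:11:03 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Mar  4 02:11:06 web1 sshd[812]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar  4 02:11:09 web1 sshd[813]: Accepted password for root from 203.0.113.7 port 40136 ssh2
Mar  4 08:30:12 web1 sshd[990]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Mar  4 08:30:20 web1 sshd[990]: Accepted publickey for alice from 198.51.100.20 port 51514 ssh2
Mar  4 09:02:41 web1 sshd[1002]: Failed password for invalid user test from 192.0.2.55 port 33810 ssh2
Mar  4 09:02:44 web1 sshd[1002]: Failed password for invalid user oracle from 192.0.2.55 port 33812 ssh2
Mar  4 09:02:47 web1 sshd[1003]: Failed password for invalid user guest from 192.0.2.55 port 33816 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def review_auth_log(text, threshold=3):
    """Return (blocked, breaches), both keyed by source address.

    blocked:  sources with >= threshold consecutive failures, never followed by a success.
    breaches: sources where a success followed >= threshold consecutive failures.
    """
    streak = defaultdict(int)   # current run of consecutive failures per source
    worst = defaultdict(int)    # longest run seen per source
    breaches = {}               # source -> account that was logged in to
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue            # skip lines that are not sshd auth results
        src = m["src"]
        if m["result"] == "Failed":
            streak[src] += 1
            worst[src] = max(worst[src], streak[src])
        else:
            if streak[src] >= threshold:
                breaches[src] = m["user"]
            streak[src] = 0     # a success ends the failure run
    blocked = {s: n for s, n in worst.items()
               if n >= threshold and s not in breaches}
    return blocked, breaches

if __name__ == "__main__":
    blocked, breaches = review_auth_log(SAMPLE_LOG)
    print("unsuccessful attack patterns:", blocked)
    print("success after repeated failures:", breaches)
```

The single failed attempt by `alice` before a successful key login stays below the threshold and is not reported, which is the kind of tuning a real deployment needs to keep the report usable.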