Ask Slashdot: Security Digests For the Home Network Admin? 123
New submitter halcyon1234 writes "I'm currently cutting the webhost cord, and setting up a simple webserver at home to host a couple hobby websites and a blog. The usual LAMP stuff. I have just enough knowledge to be dangerous; I know how to get everything set up and get it up to date, but not enough to be sure I'm not overlooking common, simple security configurations. And then there's the issue of new vulnerabilities being found that I'm not even aware of. The last thing I want is to contribute to someone's botnet or spam relay. What readings/subscriptions would you recommend for security discussions/heads up? Obviously I already read (too much) Slashdot daily, which I credit for hearing about some major security issues. Are there any RSS feeds or mailing lists you rely on for keeping up to date on security issues?"
Reliability testing... (Score:5, Insightful)
Bonus points if you add something like "My awesomely new bulletproof website!". That should kick off the reliability test engines from
Check your Internet Acceptable Use documents (Score:5, Insightful)
Re:Reliability testing... (Score:3, Insightful)
Patch often, and protect your services (Score:4, Insightful)
Your distro will have a regular patch channel that will address most vendor-introduced vulnerabilities. Patch religiously, and often. At least once per week. It's not like you're responsible for SLA's or regression testing. If you somehow uncover a bug when you patch, muscle through it, and keep going.
Use a firewall and only expose necessary ports. Protect the ports with strong authentication, encryption where applicable, and possibly a reactive blocker such as fail2ban to keep the script kiddies at bay. If you must run an external SSH server, run it as a seperate process, and only allow key auth, and only for a single user.
Get on whatever mailing lists or errata lists support your distro and apps, and try and keep up with them. If your apps are maintained as source, try and use the repos to update your apps instead of just relying on standard stable packages. You'll get bug fixes faster (probably bugs as well. See above)
Use something like logwatch and read the daily mails.
Also use something like rkhunter to alert you in case something changes.