Further Reading
There are always new techniques to learn, and new risks to consider, in the matter of server security. It's a never-ending vigil you must keep to prevent unwanted access on your machine. Fortunately, there are plenty of other administrators out there who also wish to prevent unwanted access and are actively working to make available their shared experiences in the form of books, FAQs, programs, articles, and postings from which you can learn. Some of the most important resources are the following:
- The CERT (Computer Emergency Response Team) announcements, as they are released, are posted to the USENET newsgroup comp.security.announce. The CERT team is the de facto agency for dealing with security risks and helping out administrators who've had their site(s) compromised. Once a given hole or risk is well-understood, the CERT team produces an announcement, which is then released to the Net, giving instructions on how to deal with the problem in an expedient manner, and what to do if the site has already been compromised by any means. Their announcements are also available, along with a great wealth of other information, at their archive site: ftp.cert.org.
- The World Wide Web Security FAQ, maintained by Dr. Lincoln Stein of the Whitehead Institute for Biomedical Research, MIT. This FAQ provides up-to-date information about many of the ongoing concerns with regard to various WWW servers and plenty of other useful bits. Many thanks are due Dr. Stein for his diligent efforts and ongoing participation in the process of keeping the Web secure. The WWW Security FAQ is always available at
http://www-genome.wi.mit.edu/WWW/faqs/
- The COAST site, maintained by Purdue, is the most comprehensive archive of security tools and documentation that I could find. It's at ftp://coast.cspurdue.edu/pub