A few hours ago, the US National Security Agency made available a new draft security document for pre-publication technical review. It is called The 60 Minute Network Security Guide (First Steps Towards a Secure Network Environment). It is 35 pages of rich, experienced-based guidance. To help the NSA experts get broad technical input to identify any errors before final publication, SANS offered to invite all GIAC certified folks to review it. Others with in-depth network security expertise are also invited. All we ask is that if you download it, you agree in advance to provide feedback within seven days listing errors you have found. To order a copy, email 60minuteguide@sans.org with the subject "60 Minute Guide." I just read this and it was pretty good. Here is a copy of the TOC INTRODUCTION GENERAL GUIDANCE SECURITY POLICY OPERATING SYSTEMS AND APPLICATIONS: VERSIONS AND UPDATES KNOW YOUR NETWORK TCP/UDP SERVERS AND SERVICES ON THE NETWORK PASSWORDS DO NOT RUN CODE FROM NON-TRUSTED SOURCES BLOCK CERTAIN E-MAIL ATTACHMENT TYPES FOLLOW THE CONCEPT OF LEAST PRIVILEGE APPLICATION AUDITING NETWORK PRINTER SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) NETWORK SECURITY TESTING PERIMETER ROUTERS AND FIREWALLS HOST SECURITY TCP/IP FILTERS LOGGING AND DEBUGGING GENERAL RECOMMENDATIONS WINDOWS NT 4.0 AND WINDOWS 2000 SERVICE PACKS AND HOTFIXES LIST OF NT/WINDOWS 2000 SECURITY MEASURES MICROSOFT APPLICATIONS UNIX NETWORKS STARTUP SCRIPTS SERVICES/PORTS SYSTEM TRUST R COMMANDS NETWORK CONFIGURATIONS PATCHES USER ACCOUNTS PERMISSIONS CRON/AT JOBS CORE DUMPS NETWORK SERVICES LOGS X-WINDOW ENVIRONMENTS DISTRIBUTED SERVER FUNCTIONS CHROOT ENVIRONMENTS INTERESTING FILES PERIPHERAL DEVICES BUFFER OVERFLOWS SYSTEM UTILITIES AND COMMANDS CURRENT OS PACKAGES ROOTKITS UNIX WEB SERVERS GENERAL GUIDANCE EXAMPLE: APACHE INTRUSION DETECTION SYSTEMS (IDS) STEP 1 - IDENTIFY WHAT NEEDS TO BE PROTECTED STEP 2 - DETERMINE WHAT TYPES OF SENSORS ARE REQUIRED STEP 3 - CONFIGURE HOST SYSTEM SECURELY STEP 4 - KEEP SIGNATURE DATABASE CURRENT STEP 5 - DEPLOY IDS SENSORS STEP 6 - MANAGEMENT AND CONFIGURATION "Linux is for people who hate Windows. BSD is for people that love unix."