Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [security]

For questions relating to application security and attacks against software. Please don't use this tag alone, that results in ambiguity. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. If your question is not about a specific programming problem, please consider instead asking it at Information Security SE

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

Resources

6921 questions
378
votes
22 answers

How do you search for backdoors from the previous IT person?

We all know it happens. A bitter old IT guy leaves a backdoor into the system and network in order to have fun with the new guys and show the company how bad things are without him. I've never personally experienced this. The most I've experienced…
Jason Berg
  • 19,224
52
votes
19 answers

The IT Manager is Leaving - What do I lockdown?

The IT Manager may be leaving, and it's possible that the parting of ways may not be completely civil. I wouldn't really expect any malice but just in case, what do I check, change or lock down? Examples: Admin passwords Wireless passwords VPN…
Marko Carter
  • 4,112
  • 1
  • 30
  • 38
19
votes
4 answers

Why should I allow multiple IP addresses on a website for a single session?

I hope my question matches the scope of this site. I'm developing a CMS. Currently my logged in users are locked to their IP address for the session. Unfortunately a small portion of my userbase constantly jump between two or more IP addresses. Most…
yoru
  • 191
18
votes
19 answers

How should I securely wipe data from a hard drive?

How do you recommend destroying sensitive information on a hard drive? I've used DBAN in the past, is that good enough?
Jon Galloway
  • 1,506
  • 1
  • 18
  • 20
18
votes
8 answers

IT Audit checklist

I recently have taken on the position of a one man show for a company that is going to have an audit. The network isn't anywhere close to prepared and I have been looking for a general audit checklist since one hasn't been provided by the auditors…
PHLiGHT
  • 1,041
  • 11
  • 25
16
votes
5 answers

What's the sneakiest thing you ever had to deal with as a sysadmin?

What's the most devious thing a user has ever done that you've had to deal with? Obviously, we've all seen quite a lot of malice from unfriendly users, but how about from so-called friendly users? In my case, I think it would have to be ping tunnel:…
Mikeage
  • 2,741
  • 6
  • 27
  • 37
15
votes
14 answers

Sysadmin bad habits

I think it would be interesting to have a list of bad habits you observe related to system administration. For example: Always using root on servers Sharing account passwords Inserting passwords on code Still using telnet ... Although I'm mostly…
chmeee
  • 7,440
13
votes
4 answers

Reliable software keylogger detection?

I may be dreaming here, But is there a reliable method for keylogger software detection? I'm primarily a developer but I run a couple servers and the thing that worries me most is a software keylogger on my personal system that does a good job of…
Spencer Ruport
  • 487
13
votes
23 answers

Is being paranoid a required 'quality' for Sys/Net administrators?

Is being Paranoid considered an (unspoken) 'requirement' for a Sys/Net admin to have (obviously for security reasons)? Is there such a thing as being overly paranoid?, or should we be trustful of others and not completely dwell on questioning…
l0c0b0x
  • 12,037
12
votes
2 answers

What are the downsides of reboot-to-restore software in a corporate environment?

I work in a small IT department in a medium-sized enterprise (up to 200 users). Thanks to home office and our growing field workforce, it has become more challenging to supervise and manage our client PCs. One option we figured out to eliminate all…
G4schberle
  • 123
11
votes
3 answers

Finding how a hacked server was hacked

I was just browsing through the site and found this question: My server's been hacked EMERGENCY. Basically the question says: My server has been hacked. What should I do? The best answer is excellent but it raised some questions in my mind. …
sixtyfootersdude
  • 455
10
votes
6 answers

What should every sysadmin know before administrating a public server?

Similar to this question on Stack Overflow, what should a sysadmin who is used to private, intranet-type situations know before being the administrator of a public site? These could be security related things like "don't leave leave telnet open," or…
Zifre
  • 459
10
votes
7 answers

Career shift to security - learning tracks?

I've had to learn enough to be dangerous (if only to myself), managing the firewalls, switches, etc for small networks over the past ten years. However, I know there's a pretty massive gap between what I've been doing (security as a hobby, really)…
Kara Marfia
  • 7,892
9
votes
3 answers

"Template" for handing out user & passwords for employees

Within this relatively small company I work for, I have been handing out usernames and passwords written very simply in a word document. I wish for this process to be more professional now that we are expanding and quite regularly acquire new…
Amivit
  • 195
9
votes
6 answers

Security Admins toolkit? What's in yours?

Resource question :- I need to collate a list of security admin tools For: Web Network Wifi Server unix/Linux/windows/macosx SQL Xss Please state -links/version/os used/free v buy
littlegeek
1
2 3
9 10