Advanced Information Assurance Handbook
Software Engineering Institute
CMU/SEI Report NumberCMU/SEI-2004-HB-001
DOI (Digital Object Identifier)10.1184/R1/6571844.v1
This handbook is for technical staff members charged with administering and securing information systems and networks. The first module briefly reviews some best practices for securing host systems and covers specific techniques for securing Windows 2000 and Red Hat Linux systems. It also discusses the importance of monitoring networked services to make sure they are available to users and briefly introduces two software tools that can be used for monitoring. The second module covers the importance of firewalls and provides instructions for their configuration and deployment. The third module presents the many tasks involved in using an intrusion detection system (IDS) on a network. Topics covered include implementing IDSs on host computers and on networks, using Snort (the most common open-source IDS), and interpreting and using the information gathered using an IDS. The fourth and final module covers real-world skills and techniques for synchronizing the time on networked computers from a central clock, collecting and securing information for forensic analysis, and using a remote, centralized storage point for log data gathered from multiple computers.