What is to be Done?

Know your enemy.

Design and Implementation of more secure network protocols (many protocols like FTP and DNS are inherently insecure).

Using programming techniques which avoid security holes (nearly impossible with C which is still the most popular language for network services).

Reviewing software in regard to security holes (does not prevent exploits. Examples: named and ssh).

Minimize the number of services on your system. Most services that are enabled by default are not needed and are just ``good'' for their security problems. Likewise, it is wise to look for more secure alternatives, e.g. replace sendmail by Qmail, and named by djbdns.

Block all other services for the outside world (firewall).

Install software that detects attacks (Intrusion Detection Systems).

Check for successful attacks by periodically verifying the integrity of all software packages (supported by Tripwire or AIDE).

``Constant Vigilance''

	Know your enemy.
	Design and Implementation of more secure network protocols (many protocols like FTP and DNS are inherently insecure).
	Using programming techniques which avoid security holes (nearly impossible with C which is still the most popular language for network services).
	Reviewing software in regard to security holes (does not prevent exploits. Examples: named and ssh).
	Minimize the number of services on your system. Most services that are enabled by default are not needed and are just ``good'' for their security problems. Likewise, it is wise to look for more secure alternatives, e.g. replace sendmail by Qmail, and named by djbdns.
	Block all other services for the outside world (firewall).
	Install software that detects attacks (Intrusion Detection Systems).
	Check for successful attacks by periodically verifying the integrity of all software packages (supported by Tripwire or AIDE).
	``Constant Vigilance''