Peter wrote:

> Hi all,
> I'm new to the computer security. Can you show me some starting point of
> securing a server? What i read on most sites about security is that
> updating the system is one of the best pratices. However, i find it quite
> hard to do that on daily basis, especially when you have a server with
> little or zero support such as Fedora 1/2/3 or Win2K. I also heard about
> IDS but most of IDS systems require experiences of the admin to set up a
> good database, which is impossible for beginner like me. How secure is a
> firewall with good policy?
> In case my server was intruded, what is the procedure to stop the attack,
> secure the system and rescue the data?
> If possible, please refer me to sources where i can learn more. I want
> something detailed, not just general guidlines that can be found by
> google.
>
> Thanks a lot.
>

Security is an ongoing process, not a final state. beware of people claiming
simple solutions. The best security tool is EDUCATION. Educate yourself
about computer security by reading books and research. EDUCATE your users
as to how to use a computer in secure ways. The more you know about system
security, the better you will be at securing a system.

That said, security should be based on the need. What the NSA and CIA would
install for security on their most secure severs, would probably not work
for the computer system at your local library. To know "How to secure a
server" one needs to assess the best balance between security and
accessibility required.