Peter wrote:
> Hi all,
> I'm new to computer security. Can you show me some starting point for
> securing a server?
A good starting point is a degree in computer science and about 5 years' field
experience setting up and managing systems.
Go read a few books, mosey over to Sans.org/cert.org and read some of their
free whitepapers. Check out Brainbench for cheap/free exams (no point in
reading the books unless you can prove you understand them). There's a lot
of introductory level stuff on Wikipedia - but be wary of the value of
information published there. Another good site is
www.securityfocus.com
You'll get lots of opinions on Usenet, and occasionally some good advice.
If you had supplied about 100 words on what it is you are trying to secure
then you might have got some specific advice here. Are you ready to
understand it?
> What I read on most sites about security is that
> updating the system is one of the best practices.
Almost; keeping up to date in a managed fashion with the supplied patches is
good practice.
> However, I find it quite
> hard to do that on a daily basis, especially when you have a server with
> little or zero support such as Fedora 1/2/3 or Win2K.
I can't tell you if you should be that up to date from the information
you've supplied.
> I also heard about
> IDS but most IDS systems require experience of the admin to set up a
> good database, which is impossible for a beginner like me.
No, some IDS are hard to set up, some less so. The level of ability on the
part of the admin and how they apply those skills determines the security
of the system.
> How secure is a
> firewall with good policy?
It depends on the context. Is the policy appropriate and complete? Is it
implemented properly?
> In case my server was intruded, what is the procedure to stop the attack,
> secure the system and rescue the data?
Is this a troll? If not, it's time to call Ghostbusters :(
C.