From owner-freebsd-questions@FreeBSD.ORG  Wed May 11 19:58:05 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C7E5C16A4D2
	for <freebsd-questions@freebsd.org>;
	Wed, 11 May 2005 19:58:05 +0000 (GMT)
Received: from top.daemonsecurity.com (FW-182-254.go.retevision.es
	[62.174.254.182])
	by mx1.FreeBSD.org (Postfix) with ESMTP id F037E43D64
	for <freebsd-questions@freebsd.org>;
	Wed, 11 May 2005 19:58:01 +0000 (GMT)
	(envelope-from norgaard@locolomo.org)
Received: from [192.168.0.32] (charm.daemonsecurity.com [192.168.0.32])
	by top.daemonsecurity.com (Postfix) with ESMTP id 07837FD06B;
	Wed, 11 May 2005 21:57:45 +0200 (CEST)
Message-ID: <428263B6.7070305@locolomo.org>
Date: Wed, 11 May 2005 21:57:42 +0200
From: =?ISO-8859-1?Q?Erik_N=F8rgaard?= <norgaard@locolomo.org>
Organization: Locolomo.ORG
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050314
X-Accept-Language: en, en-us, en-gb, da, fr, de, it, es
MIME-Version: 1.0
To: David.Bear@asu.edu
References: <20050511170133.GD10213@asu.edu>
In-Reply-To: <20050511170133.GD10213@asu.edu>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-questions@freebsd.org
Subject: Re: best practices for administration
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 11 May 2005 19:58:05 -0000

David Bear wrote:
> Since the BSD community seems to be more security conscious than other
> (read windows system administrators) groups, I wanted to see if anyone
> here would have any pointers to best practices documents when 
> administering ANY operating system, not just FreeBSD. I am assuming
> that many of you must manage other operating systems as well.

You can find some BCP's and FYI's at frc-editor.org. ISO-17799/BS-7799 
is the international standard on information security, and there is the 
ITIL library.

There is no general answer to your question as much is context 
dependent. For example:

What do you need a user to present before giving an account? How do you 
verify that the information presented is valid?

Soon, you are faced with different classes of accounts: Employees, 
consultants, customers, and different levels of privileges. And who has 
privilege to grant others access to what?

Cheers, Erik
-- 
Ph: +34.666334818                           web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2