security model
For FreeBSD:
- Filesystems other than / and /usr should be mounted with the nosuid and nodev options.
- Setuid binaries that are not being used should be stripped of setuid, as should programs that are known to have had security problems before. Programs that have setuid but don't absolutely need it in order to operate shouldn't have it.
- Configuration files (as well as the personal configuration files of wheel group members) and the various setuid binaries should have their md5 sums checked every day by a script run from the crontab; mail should be sent only when the sums do not match the previous day's, and only to an address on another machine.
- login.access should be modified to allow root to log in only from the console, and to be su-ed to only by people in the staff/wheel group(s). Actually, if it is possible, only wheel members from certain machines should be allowed in; hosts.conf should be set to paranoid so that machines without a reverse IP address, or with the wrong one, are not allowed to log in.
- All services that allow you to log in over a channel that is not encrypted or otherwise secured should be disabled. For example, rlogin, rsh, telnet (although I've heard of an ssl implementation of telnet, I have yet to see it), etc.
- I want to move over from nfs to tcfs, a newer derivation of cryptofs, which was an encrypted implementation of nfs.
- Everything that can be forwarded over ssh tunneling, should.
- Servers that are publicly available should not be run as root. Actually, no servers should be run as root if it can be helped.
- All services that don't need to be made available to the outside world should be firewalled off.
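One way to build the daily checksum cron job from the list above (md5 sums of config files, wheel members' dotfiles and setuid binaries, mailed off-box only on a mismatch). This is an added example, not the author's own script; SUMDIR, MAILTO, the placeholder mail address and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original list: daily md5 check of config files,
# wheel members' dotfiles and setuid binaries, mailing only on a mismatch.
# Assumed names: SUMDIR holds state; MAILTO is a placeholder off-box address.
: "${SUMDIR:=/var/db/sumcheck}"
: "${MAILTO:=security@mailhost.example}"
# Hash the paths read from stdin, one per line. FreeBSD ships md5(1), and
# "md5 -r" prints "hash path" like md5sum(1), so either tool works here.
sum_files() {
    if command -v md5sum >/dev/null 2>&1; then hasher=md5sum; else hasher="md5 -r"; fi
    while IFS= read -r f; do [ -f "$f" ] && $hasher "$f"; done | sort -k2
}

# What the list above says to watch: system config, every wheel member's
# dotfiles, and every setuid binary on local filesystems.
list_targets() {
    find /etc /usr/local/etc -type f 2>/dev/null
    for u in $(getent group wheel | cut -d: -f4 | tr ',' ' '); do
        home=$(getent passwd "$u" | cut -d: -f6)
        [ -d "$home" ] && find "$home" -maxdepth 1 -name '.*' -type f 2>/dev/null
    done
    find / -xdev -type f -perm -4000 2>/dev/null
}

# compare_sums LISTFILE BASELINE: hash the listed paths and diff against the
# previous day's sums. Returns 0 if unchanged, 1 if changed (diff on stdout,
# old sums kept in BASELINE.prev), 2 on the first run (baseline created).
compare_sums() {
    listfile=$1; baseline=$2; new="$baseline.new"
    sum_files < "$listfile" > "$new"
    if [ ! -f "$baseline" ]; then mv "$new" "$baseline"; return 2; fi
    if diff "$baseline" "$new" > "$baseline.diff"; then
        rm -f "$new" "$baseline.diff"; return 0
    fi
    mv "$baseline" "$baseline.prev"; mv "$new" "$baseline"
    cat "$baseline.diff"; return 1
}

# Cron entry point: mail leaves the box only when something changed (rc 1).
run_daily() {
    mkdir -p "$SUMDIR"
    list_targets > "$SUMDIR/targets"
    rc=0; report=$(compare_sums "$SUMDIR/targets" "$SUMDIR/sums") || rc=$?
    if [ "$rc" -eq 1 ]; then
        printf '%s\n' "$report" | mail -s "checksum mismatch on $(hostname)" "$MAILTO"
    fi
    return "$rc"
}
if [ "${1:-}" = "run" ]; then run_daily; fi
```

Install it as a root crontab entry that invokes the script with the argument run; the first run only records the baseline and sends nothing.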
For Windows: