THE BIG BROTHER SYSTEM AND NETWORK MONITOR
==========================================

Version 1.9i
Fri, 30 Dec 2005 20:19:58 PST

(c) Copyright Quest Software, Inc. 1997-2003 All rights reserved.

Questions? Contact:
Quest Software, Inc.
E-mail: info@bb4.com

Please read the LICENSE agreement before using this package.
For installation instructions please refer to the README.INSTALL file.

Security Considerations
=======================

We care about security, and have a "full disclosure" policy. That means
if a security problem is discovered, we'll disclose it promptly to the
BB mailing list, Bugtraq, and Freshmeat.net. The reason for this is
simple: if we know about it, so do the bad guys, and they're already
exploiting it.

If we issue a security alert, please follow the instructions if you're
at risk. If you discover a hole, please let us know immediately, and
we'll fix it right away. You will earn our undying gratitude.

The following suggestions are mostly targeted at BB display and pager
hosts. These are the Big Brother daemons, and as such are higher risk
than the simple clients. If you have any additional suggestions, please
pass them along!

* Never install network software without considering the security
  implications. If you have a security person, discuss it with them.
  If not, talk nicely to your Sys Admin. If you're the Sys Admin, feel
  free to give us a shout on the BB mailing list if you have any
  questions.

* Since you're probably running a Web server on the BBDISPLAY machine,
  you might consider making sure it's secure. Even Apache has been
  broken into just because of a misconfigured web server. Beware!

* BB does not need to run as root. We suggest creating a user 'bb'
  and running BB as that user.

* BB has the ability to restrict incoming connections to those IP
  addresses (and networks) listed in the etc/security file. Use it.

* If you're in an environment with a firewall, we suggest running two
  instances of BB, one on the inside of the firewall, and one on the
  outside. This keeps things clean, and doesn't require any unnecessary
  holes in the firewall.

* The usual warnings about scripts in the cgi-bin directory apply: make
  sure that your webserver isn't running as root, and be careful what
  can be seen and run by outsiders.

* We recommend password-protecting the Big Brother web pages. This
  includes the cgi-bin scripts.

* Don't use the "notes" and "disable/enable" features of the BB
  display/pager hosts unless you understand the implications. Refer to
  the documentation for more information.

* Subscribe to the BB support mailing list for support, security
  updates and other news:

      mailto: majordomo@bb4.com
      in the text of the message: subscribe bb

  There's also a developer's mailing list:

      mailto: majordomo@bb4.com
      in the text of the message: subscribe bbd