Advanced Hardening
By this point, we are aware of two large changes we can make to our operations and setup of IPCop, to make it more secure. The first, auditing open ports, allows us to cut down the exposure that our firewalls and systems have to the Internet. The second, utilizing some form of intrusion detection or after-the-fact scanning system such as tripwire and chkrootkit, gives us a higher chance of detecting anyone who does happen to break through our defenses.
Hardening our host, however, is a lot more comprehensive a task than simply installing a service or running some port scanning software. Maintaining a hardened system involves removing any functionality that we don't need as well as making well thought-out changes to our system's security. IPCop is already considerably hardened in this respect, making it considerably securer than a default Linux installation of any of the major distributions. Some of the steps that have been made to make IPCop more secure include the following...