In addition to all said before. Here's a list of steps to take: - don't install (or remove) any unnecessary servers/deamons (programs that offer services over the network) - setup a firewall (this is NOT trivial) - DON"T ALLOW telnet/ftp from the outside world, these are the most UNTRUSTED services you can have and can be used for password-sniffing cause they will be transmitted in cleartext format - outside access by ssh only - while uncomenting lines in /etc/services or /etc/inetd.conf seem workable, it's poor security imho - use shadow-passwords, if possible (i.e. under debian 2.2) make sure passwords can be longer then your standard 8 characters - let soemone use nmap or netcat form the outside to check yoru firewall - install something like snort to watchout for different attacks/portscans - indeed install security-upgrades (i.e. the debian proposed-updates tree in stable) - NEVER install an unstable/testing/frozen distribution on your system, this is bleeding-edge software and is bound to have bugs - Don't allow mail-relaying via your linux-box ONe thing is for sure, a linux box is ALWAYS hackable! THe above steps do make it hihgly unlikely and very difficult form over the network. If a person gians access (physical access) to a linux-box, it's so very easy to gain root-control. Note on firewall setup: read i.e. the Ipchains-howot Firewall-howoto and man ipchains very carefully before seting up a firewall. THi si NOT trivial and any mistake can lead to a serious security-hole and you are not even aware of it beeing there. slainte mhaith (good health), slainte (cheers) Uisce Beatha (water of live/health) ----------- Andor Demarteau E-mail: ademarte@students.cs.uu.nl student computer science www: http://www.students.cs.uu.nl/~ademarte/ Utrecht University irc: see webpage for details ----------- Believe in yourself, know what you want, and make it happen!