On Thu, 27 Sep 2001, Andor Demarteau <ademarte@students.cs.uu.nl> wrote:
> In addition to all said before.
> Here's a list of steps to take:
> - don't install (or remove) any unnecessary servers/daemons (programs that
> offer services over the network)
> - set up a firewall (this is NOT trivial)
> - DON'T ALLOW telnet/ftp from the outside world, these are the most
> UNTRUSTED services you can have and can be used for password-sniffing cause
> they will be transmitted in cleartext format
> - outside access by ssh only
> - while uncommenting lines in /etc/services or /etc/inetd.conf seems
> workable, it's poor security imho
> - use shadow-passwords, if possible (i.e. under debian 2.2) make sure
> passwords can be longer than your standard 8 characters
> - let someone use nmap or netcat from the outside to check your firewall
> - install something like snort to watch out for different attacks/portscans

- An IDS is a good idea too.

> - indeed install security-upgrades (i.e. the debian proposed-updates tree
> in stable)
> - NEVER install an unstable/testing/frozen distribution on your system,
> this is bleeding-edge software and is bound to have bugs
> - Don't allow mail-relaying via your linux-box
>
> One thing is for sure, a linux box is ALWAYS hackable!

Yes, but it's not less true for, say, Solaris or FBSD, no system is
uncrackable, just as no safe is unbreakable; it's just more or less
difficult, depending on what's gone into the design and what thoughts have
been given to security all along the way.

> The above steps do make it highly unlikely and very difficult from over the
> network.
> If a person gains access (physical access) to a linux-box, it's so very
> easy to gain root-control.
>
> Note on firewall setup: read i.e. the Ipchains-howto, Firewall-howto and
> man ipchains very carefully before setting up a firewall.
> This is NOT trivial and any mistake can lead to a serious security-hole and
> you are not even aware of it being there.
>
> slainte mhaith (good health), slainte (cheers)
> Uisce Beatha (water of life/health)
> -----------
> Andor Demarteau            E-mail: ademarte@students.cs.uu.nl
> student computer science   www: http://www.students.cs.uu.nl/~ademarte/
> Utrecht University         irc: see webpage for details
> -----------
> Believe in yourself, know what you want, and make it happen!
>
> _______________________________________________
>
> Blinux-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/blinux-list
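
The checklist above rules out telnet/ftp from the outside and mentions /etc/inetd.conf. As an added example (not part of the original messages), this script reports which cleartext services an inetd.conf would still start. The function names, the service list and the sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Services that send passwords in cleartext; only the two the
# message names are listed here, extend the list for your own policy.
CLEARTEXT_SERVICES="telnet ftp"

# audit_inetd FILE: print each cleartext service that FILE still enables.
# inetd.conf fields: service socket-type protocol wait-flag user program [args]
audit_inetd() {
    awk -v risky="$CLEARTEXT_SERVICES" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        /^[ \t]*#/ { next }   # commented out (including Debian "#<off>#"): not started
        NF >= 6 && ($1 in bad) { print $1 }
    ' "$1" | sort -u
}

# check_inetd FILE: return 0 if clean, 1 (with a message on stderr) otherwise.
check_inetd() {
    found=$(audit_inetd "$1")
    if [ -n "$found" ]; then
        echo "$1 still enables: $(echo $found)" >&2
        return 1
    fi
    return 0
}

# write_sample FILE: constructed inetd.conf for the demo, not from a real host.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
ftp     stream tcp nowait root    /usr/sbin/tcpd   /usr/sbin/in.ftpd
#<off># telnet stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
ident   stream tcp wait   identd  /usr/sbin/identd identd
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_inetd "$sample"    # prints: ftp
rm -f "$sample"
```

This only shows what inetd is configured to start; a scan from the outside, as the list suggests, is still the check on what the firewall actually lets through.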