Re: firewall?




On 7/19/11, John Hodrien <J.H.Hodrien@xxxxxxxxxxx> wrote:
> On Sun, 17 Jul 2011, Always Learning wrote:
>
>> If using SSH, FTP, phpmyadmin etc. etc. then DO NOT use the standard
>> ports. Allocate a different IP address (if you have several) and use a
>> non-web IP address for SSH and a different non-web IP address for
>> phpmyadmin etc. WITH non-standard ports (you can go as high as about
>> 64000). Also consider ONLY allowing access from predefined static IP
>> addresses (under your control). Do not make it easy for the hackers.
>> Give them a difficult time.
>
> Running on non-default ports (especially high numbered ports) always strikes
> me as the wrong way of doing things.  You've come out of the admin shelter of
> low ports meaning you're now vulnerable to local attacks - if I can make ftp
> (one of your examples) crash, I can potentially steal its port and run my own
> ftp server, stealing everyone's password if I have a local account.  At the
> same time, you're still vulnerable to plenty of scanning attacks.
>
> If you want accessible services to be accessible, I say make them accessible,
> and secure that service as much as you reasonably can.
>
> If you want to restrict access to make it more secure, put them behind a VPN
> or other protection.  That way you *really* get the security benefit that you
> wanted in the first place.
>
> jh
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
Dear All,

With respect to the references you gave me, I figured out that I had to add
the following line to my /etc/sysconfig/iptables:

-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT

Then I issued:

# service iptables restart

And now the Windows machine can browse valid URLs. Thank you for your help.

I want to put more stuff on my CentOS 5.6 machine. To this end, I
installed ultraedit, octave, gschem and shorewall on my CentOS 5.6
machine. But I don't see a one-to-one relationship between these
applications and the ones I have on my Windows machine. For example,
octave does not have the same power as MATLAB on the Windows machine,
and Pspice on Windows is more powerful than the one I have on my
CentOS machine. Can you please let me know where powerful CentOS stuff for
various purposes can be selected and installed from the internet?
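
Added example, not part of the original thread: John Hodrien's point in the quoted reply, that a daemon moved off the low ports can have its port taken over by any local account if it exits, can be audited on a host. This Python script reads /proc/net/tcp and lists the listeners at or above 1024; the sample table and the 1024 threshold (the Linux default) are assumptions made here.

```python
#!/usr/bin/env python3
"""Flag TCP listeners on ports an unprivileged local user could rebind."""
import socket
import struct

PRIVILEGED_BELOW = 1024   # assumed Linux default: binding below this needs root
TCP_LISTEN = "0A"         # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not from a real host):
# sshd on 22, a daemon moved to 2121, an app on 8080, one established session.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0 0
   1: 00000000:0849 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0 0
   2: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000   500        0 33333 1 0 0
   3: 0A00000A:0016 0A000014:C350 01 00000000:00000000 00:00000000 00000000     0        0 44444 1 0 0
"""

def parse_listeners(text):
    """Return (ip, port, uid) for every socket in LISTEN state."""
    found = []
    for line in text.splitlines()[1:]:            # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue                              # not a listener
        ip_hex, port_hex = fields[1].split(":")
        # The IPv4 address is printed as a host-order word (little-endian on x86).
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        found.append((ip, int(port_hex, 16), int(fields[7])))
    return found

def rebindable(listeners, limit=PRIVILEGED_BELOW):
    """Listeners whose port a non-root account could bind once the daemon exits."""
    return [entry for entry in listeners if entry[1] >= limit]

def main(path="/proc/net/tcp"):
    try:
        with open(path) as handle:
            text = handle.read()
    except OSError:
        text = SAMPLE                             # fall back to the constructed sample
    for ip, port, uid in rebindable(parse_listeners(text)):
        print(f"{ip}:{port} (owner uid {uid}) is outside the privileged port range")

if __name__ == "__main__":
    main()
```
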

