On 7/19/11, John Hodrien <J.H.Hodrien@xxxxxxxxxxx> wrote: > On Sun, 17 Jul 2011, Always Learning wrote: > >> If using SSH, FTP, phpmyadmin etc. etc. then DO NOT use the standard >> ports. Allocate a different IP address (if you have several) and use a >> non-web IP address for SSH and a different non-web IP address for >> phpmyadmin etc. WITH non-standard ports (you can go as high as about >> 64000). Also consider ONLY allowing access from predefined static IP >> addresses (under your control). Do not make it easy for the hackers. >> Give them a difficult time. > > Running on non-default ports (especially high numbered ports) always strikes > me as the wrong way of doing things. You've come out of the admin shelter > of > low ports meaning you're now vulnerable to local attacks - if I can make ftp > (one of your examples) crash, I can potentially steal its port and run my > own > ftp server, stealing everyone's password if I have a local account. At the > same time, you're still vulnerable to plenty of scanning attacks. > > If you want accessible services to be accessible, I say make them > accessible, > and secure that service as much as you reasonably can. > > If you want to restrict access to make it more secure, put them behind a VPN > or other protection. That way you *really* get the security benefit that > you > wanted in the first place. > > jh > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos > Dear All With respect to the references you gave me, I figured out to add the following line to my /etc/sysconfig/iptables : -A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT Then I issued: #service iptables restart And now the windows machine can browse valid url . Thank you for your help. I want to put more stuff on my centos 5.6 machine. To this end, I installed ultraedit, octave, gschem,shorewall on my centos 5.6 machine. But I don't see one-to-one relationship between these applications and the ones I have on my windows machine. For example, the octave does not have the same power as MATLAB on windows machine or Pspice on windows is more powerful than the the one I have on my centos. Can you please let me know where powerful centos stuffs for various purposes can be selected and installed from the internet? _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos