On Thu, 10 Jan 2002, Gregory J. Feig wrote:

> No, Steve....we don't want this discussion to end here...

I didn't mean it like that. I meant that when Glenn said,

    Q. What do I lose...
    A. Nothing.

that I couldn't add anything at that point. To me, that pretty much says "point, set, match." It doesn't mean there won't be future matches. ;-)

> I do NOT ever intend to run those extra services, either...at least
> not until I am WAY more experienced...but this apparently does not
> definitely protect me from crackers...so...

If you have no services running... i.e., nothing listening on any ports, then you're pretty secure.

> 1. Let us try to generally identify the main problem areas

I think the biggest problem is that Joe User doesn't realize the ramifications of running a default install. He doesn't realize that there are probably daemons listening on ports he's not aware of.

> 3. These should include those ISTAT checks....one question I have is
> how do I automagically enable these checks on every boot, so I can be
> SURE everything is shut down, etc.

If you know what daemons are started in your boot process, you shouldn't have to check each time you boot.

> 4. How do we identify just WHAT threats we are likely to be opened
> to.

It depends entirely on what distribution you installed and what options you chose when you installed it. There isn't really any standard template for all distributions except that you should know what daemons you're running, and that you should pay particular attention to security sites for any late breaking security holes in those daemons.

If your 'netstat -tupan' returns nothing at all, then you're probably about as secure as you are with DOS.

- Steve
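
An added example, not part of the original message: one way to turn the 'netstat -tupan' check into a repeatable audit that lists every socket accepting traffic from other hosts and flags any whose daemon you did not expect. The function names, the allowlist-by-program-name approach and the sample output are assumptions made for illustration; the parsing assumes the net-tools column layout.

```shell
#!/bin/sh
# Added example: audit `netstat -tupan` output for sockets that accept traffic.

# Constructed sample output (not from the original thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      401/portmap
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      655/sendmail
tcp        0      0 192.168.1.10:22         192.168.1.5:51234       ESTABLISHED 1420/sshd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           401/portmap
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
EOF
}

# Read netstat output on stdin; print "<scope> <proto> <port> <program>" per listener.
list_listeners() {
    awk '
    # TCP rows have a State column; only LISTEN rows are servers.
    $1 ~ /^tcp/ && $6 == "LISTEN" { emit($1, $4, $7); next }
    # UDP rows have no State; an unconnected socket has a foreign address ending in ":*".
    $1 ~ /^udp/ && $5 ~ /:\*$/ { emit($1, $4, $6) }
    function emit(proto, laddr, owner,    n, host, port, scope, prog) {
        n = match(laddr, /:[^:]*$/)          # last colon separates host and port (IPv6 too)
        host = substr(laddr, 1, n - 1)
        port = substr(laddr, n + 1)
        scope = (host ~ /^127\./ || host == "::1") ? "local" : "exposed"
        prog = owner
        sub(/^[0-9]+\//, "", prog)           # "812/sshd" -> "sshd"
        if (prog == "") prog = "-"           # no PID/Program field present
        print scope, proto, port, prog
    }'
}

# Usage: netstat -tupan | unexpected_listeners sshd ...
# Prints exposed listeners whose program name is not among the arguments.
unexpected_listeners() {
    allowed=" $* "
    list_listeners | while read -r scope proto port prog; do
        [ "$scope" = exposed ] || continue
        case "$allowed" in *" $prog "*) continue ;; esac
        echo "$proto/$port $prog"
    done
}

sample_netstat | unexpected_listeners sshd
```

Run as root so the PID/Program column is filled in; without it every owner shows as "-" and is reported as unexpected.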