Nicky Peeters <[EMAIL PROTECTED]> wrote:
> If you're really paranoid you're gonna need to get dirty and fiddle with
> every port/service/package that poses a possible threat.
If you're connected to the internet, its not a question of whether
or not you are paranoid, its are you paranoid ENOUGH!
And I'm only slightly kidding....
I could start on a long thing about how to make a system
secure and such, but instead I'll just give the summary:
Turn off everything you can.
Hmm. Well, I suppose thats maybe a bit TOO terse ;-)
So here's a slightly longer version:
On my firewall at home,I've only got a teergrube (i.e. a
'tar pit' in front of postfix), ssh, and (one of these days)
an html server reachable from the outside. Or, put in
port number terms: 25, 22, and what, 80 for http? (I
don't have apache installed yet, since I'm only on a
dialup yet...)
Every service (port) you have available to the outside
world needs an awfully good reason to be there, and should
be kept as up-to-date with the security patches as possible....
IMHO, anyway ;-)
rc
Rusty E. Carruth Email: [EMAIL PROTECTED] or [EMAIL PROTECTED]
Voice: (480) 345-3621 SnailMail: Schlumberger ATE ___
FAX: (480) 345-8793 7855 S. River Parkway, Suite 116 \e/
Ham: N7IKQ @ 146.82+,pl 162.2 Tempe, AZ 85284-1825 V
ICBM: 33 20' 44"N 111 53' 47"W http://tuxedo.org/~esr/ecsl/index.html