Good evening, Robyn...
On Thu, 1 Feb 2001, Robyn Mills wrote:
> I was hoping for comments on hardening (kernel and system) and maybe
> comparisons of the packet filtering applications for the linux distributions.
What *I* use for packet filtering/firewalling is ipchains under RedHat
6.2. Once the user has a basic understanding of the various stages and
the various switches, it is pretty straightforward. However, as I found
out earlier today, I needed to properly set the netmask in
order to be able to block an entire network. <sigh> I owe a lot of
thanks to the people on this list for pointing that out. 8-)
My solutions for hardening, actually, may make some of the people
reading this list laugh at me, but thus, these "tried and true"
solutions have worked for years. One of my "handlers" who taught me unix
about twenty-some years ago said it best. "If you don't *absolutely* need
to run risky services on a server, DON'T." His advice has proven itself,
over time. I don't run TELNET, FTP or any of the other insecure ports,
but use SSH, and FTP over SSH. Perhaps the most risky service I run is a
small, local usenet news server, which is constantly being bombarded
with various people doing things I'd rather not discuss in public. 8-(
I hope my comments have helped...
Dave
--
Dave Laird ([EMAIL PROTECTED])
The Used Kharma Lot
Web Page: http://www.kharma.net updated 12/28/2000
I feel ... JUGULAR ...