On Wed, 1 Nov 2000, Derek D. Martin wrote:

> On Wed, 1 Nov 2000, Benjamin Scott wrote:
> 
> >   Turn off unnecessary services.
> 
> Any service that allows a connection from the outside world is a potential
> threat to your machine's security, so turn off the ones you don't
> need.  
> 
> Install OpenSSH to replace telnet and rlogin... it's a secure encrypted
> connection.  It can also do other neat things like forward X sessions over
> the encrypted tunnel.
> 
> Once you do that, TURN OFF telnet, rlogin, and ftp (unless you NEED
> anonymous ftp, but if you don't REALLY need it, you shouldn't use
> it).  Those services are inherently insecure.  Block them at your firewall
> if you can.  That goes for any other un-needed service as well.
> 

Even better, TAKE IT OFF THE SYSTEM!  Code that isn't on the system
isn't a security risk (i.e. they can't somehow turn it on).
Especially on the firewall system, pull the r's (rwho, rlogin, etc),
ftp, telnet.  Pull any service you don't want to run on the system.
Build a custom install with the kernel stripped to the absolute
essential services.  Even better, build into the kernel what you need,
and turn off module support (so they can't do an insmod / modprobe to
insert malicious code).

A good starting point is the Linux Router Project:
(http://www.linuxrouter.org)

(still audit by hand, then run bastille on it, then start getting
paranoid ;-)

jeff
------------------------------------------------------------------------
Jeffry Smith      Technical Sales Consultant     Mission Critical Linux
[EMAIL PROTECTED]   phone:603.930.9739 fax:978.446.9470
------------------------------------------------------------------------
Thought for today:  beanie key n. 

 [Mac users] See command key.
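
An audit sketch for the three points made in this thread (services still enabled, binaries still installed, kernel module support), added here as an example and not part of either poster's message. It assumes inetd-style configuration in etc/inetd.conf; the binary paths and the sample tree are constructed assumptions.

```shell
#!/bin/sh
# Added example: every check takes a root directory, so it can run against a
# constructed tree or "/" itself.

# inetd service names for telnetd, rlogind, rshd, rexecd and ftpd
LEGACY="telnet login shell exec ftp"
# Assumed install paths; they differ between distributions.
BINARIES="usr/sbin/in.telnetd usr/sbin/in.rlogind usr/sbin/in.rshd
usr/sbin/in.ftpd usr/bin/telnet usr/bin/rlogin usr/bin/rsh usr/bin/rwho"

# Services that are still switched on: uncommented lines in etc/inetd.conf.
enabled_legacy_services() {
    [ -r "$1/etc/inetd.conf" ] || return 0
    awk -v list="$LEGACY" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }   # commented out or blank: disabled
        ($1 in bad) { print $1 }
    ' "$1/etc/inetd.conf"
}

# Code that is disabled but still on disk (the reply's "take it off the system").
installed_legacy_binaries() {
    for b in $BINARIES; do
        [ -e "$1/$b" ] && echo "/$b"
    done
    return 0
}

# A kernel built without loadable-module support has no /proc/modules.
module_support() {
    if [ -e "$1/proc/modules" ]; then echo enabled; else echo disabled; fi
}

# Constructed sample tree: telnet disabled in inetd.conf but in.telnetd still
# installed, ftp still enabled, and a modular kernel.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc" "$t/usr/sbin" "$t/proc"
    printf '%s\n' \
        '#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd' \
        'ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a' \
        'ssh     stream tcp nowait root /usr/sbin/sshd sshd -i' \
        > "$t/etc/inetd.conf"
    : > "$t/usr/sbin/in.telnetd"; : > "$t/usr/sbin/in.ftpd"; : > "$t/proc/modules"
    echo "$t"
}

audit() {   # usage: audit /   (or a sample tree)
    echo "enabled:   $(enabled_legacy_services "$1" | tr '\n' ' ')"
    echo "installed: $(installed_legacy_binaries "$1" | tr '\n' ' ')"
    echo "modules:   $(module_support "$1")"
}
```

On the sample tree, the commented-out telnet line counts as disabled while in.telnetd is still reported as installed, which is the gap between the two posters' advice.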




