Has anyone mentioned the --enable-tcpwrappers compile option? Seems like a must for this discussion.
Dion > -----Original Message----- > From: Darren Young [mailto:[EMAIL PROTECTED]] > Sent: Monday, June 24, 2002 3:42 PM > To: Nessus Nessus Mailing List > Subject: RE: Nessus Location > > > How about the nessus daemon itself. Are there any real > "gotchas" on having > it open to the outside? Any precautions that should be taken? > > > -----Original Message----- > > From: David Ford [mailto:[EMAIL PROTECTED]] > > Sent: Monday, June 24, 2002 2:32 PM > > To: twig les > > Cc: Bezalel, Yaakov; Darren Young; Nessus Nessus Mailing List > > Subject: Re: Nessus Location > > > > Isn't that a contradiction in advice since OpenBSD and > OpenSSH are done > > by the same group? :) > > > > Use *bsd, linux, etc. (Not windoze) > > > > twig les wrote: > > > > >I hesitate to write this cause I *really* don't want > > >to start a religous war...but in my experience if you > > >want it critically secured, build a headless OpenBSD > > >box that only listens for ssh (and, hence, sftp). > > >Patch every 3 months or whenever OpenSSH gets hacked > > >again, problem solved for the most part... > > > > > > >
