On Sun, 14 Jan 2001 16:14:22 -0500 (EST), Bill Johnson <[EMAIL PROTECTED]> wrote:
>
> I'm running PortSentry on my RedHat 7 box.  Is this sufficient to protect
> this standalone PC from most problems that might occur with an always on
> cable modem connection?
>
> Forgive me for the off topic post, but this group usually provides great
> answers so I thought I'd run it by you.

First, this is an important issue -- in my opinion very on-topic (not off-topic).

Second, to answer your questions -- no.  While portsentry is a useful tool, it is not 
sufficient protection by itself.  Portsentry is designed to protect against 
portscanning -- a systematic attempt by a potential intruder to find out what services 
your machine is providing, and what ports those services are running on.  Because a 
port-scan is often the first step in an attack, portsentry can help you preempt an 
attack.  

But many intrusion attempts begin without a preceding port-scan, and portsentry will 
not protect you from these attempts.  For example, 90% of what my firewall rejects are 
connection attempts to port 21 (ftp), with no preceding port-scan.  Since I do not 
offer public ftp services, these people are definitely up to no good (probably trying 
one of the well known exploits against wu-ftp, etc).

To really protect your machine, you should:

(1) Keep your system up to date.  Update your software regularly, and as soon as 
security updates are available.  An easy way to keep up to date on announcements is to 
sign up for the redhat-announce-list (http://www.redhat.com/mailing-lists/).

(2) Don't run services that you don't need.  Don't run an ftp server if you don't need 
it, etc.  

(3) Set up a firewall.  If you're running a 2.2 kernel, you need ipchains (for the 2.4 
kernel, iptables).  This isn't really that hard to do.  There's lots of information 
available (howto's, man pages, web pages), many utility programs to help you out, etc.  
And you'll find that there are many people on this list who will help you get your 
firewall set up.

(4) Then set up portsentry, if you want to.  There are other useful tools you might 
want to look at too, like tripwire.  Also, make it a habit to regularly read through 
your log files.

--
Larry Grover, PhD
Assoc Prof of Physiology
Marshall Univ Sch Med




_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
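
Added example, not part of the original post or of any Red Hat tooling: a small Python script for the log-reading habit recommended above, separating sources that walk many ports (what portsentry reacts to) from sources that go straight to one service such as ftp. It assumes denied packets are logged in the 2.2-kernel ipchains "Packet log:" format; the sample lines, addresses, function name and the five-port threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the ipchains "Packet log:" syslog format.
# All addresses come from documentation ranges; none are real hosts.
SAMPLE_LOG = """\
Jan 14 03:12:01 box kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4021 192.0.2.10:21 L=60 S=0x00 I=4411 F=0x4000 T=52 -S (#7)
Jan 14 03:12:04 box kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4021 192.0.2.10:21 L=60 S=0x00 I=4412 F=0x4000 T=52 -S (#7)
Jan 14 03:12:10 box kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4021 192.0.2.10:21 L=60 S=0x00 I=4413 F=0x4000 T=52 -S (#7)
Jan 14 04:40:33 box kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:1188 192.0.2.10:21 L=60 S=0x00 I=901 F=0x4000 T=47 -S (#7)
Jan 14 05:01:00 box sshd[812]: log line from another daemon, ignored by the parser
Jan 14 06:15:01 box kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.50:3300 192.0.2.10:21 L=44 S=0x00 I=7001 F=0x0000 T=40 -S (#7)
Jan 14 06:15:01 box kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.50:3301 192.0.2.10:22 L=44 S=0x00 I=7002 F=0x0000 T=40 -S (#7)
Jan 14 06:15:01 box kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.50:3302 192.0.2.10:23 L=44 S=0x00 I=7003 F=0x0000 T=40 -S (#7)
Jan 14 06:15:02 box kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.50:3303 192.0.2.10:25 L=44 S=0x00 I=7004 F=0x0000 T=40 -S (#7)
Jan 14 06:15:02 box kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.50:3304 192.0.2.10:80 L=44 S=0x00 I=7005 F=0x0000 T=40 -S (#7)
Jan 14 06:15:02 box kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.50:3305 192.0.2.10:111 L=44 S=0x00 I=7006 F=0x0000 T=40 -S (#7)
"""

# chain, action, interface, protocol number, source addr:port, destination addr:port
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>DENY|REJECT) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)"
)

def summarize(log_text, scan_threshold=5):
    """Group denied packets by source and label each source.

    scan_threshold is an assumed cut-off: a source that touched at least
    this many distinct destination ports is labelled a port-scan; anything
    narrower is a targeted probe that arrived without a scan.
    """
    ports = defaultdict(set)
    packets = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an ipchains deny/reject line
        ports[m["src"]].add(int(m["dport"]))
        packets[m["src"]] += 1
    return {
        src: {"kind": "port-scan" if len(p) >= scan_threshold else "targeted-probe",
              "ports": sorted(p), "packets": packets[src]}
        for src, p in ports.items()
    }

if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE_LOG).items()):
        print(src, info["kind"], info["ports"], info["packets"])
```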
