On Thu, 2002-10-17 at 06:42, linux power wrote:
> 
> Well. The problem is that they have attempted to do so several times.
> And it's not done by a school child. My iptables firewall is too good for that.

I have to say something here. With this attitude you will probably get
nailed again.  You have been given some very sound advice from some very
experienced users but in spite of that you seem to think that an iptables
firewall should be enough.  I submit that by definition it is not or we
would not be having this conversation.

I was hacked on my home firewall a couple of years ago because I had an
old version of sendmail running.  I did not even know it was running, so
I did not bother to update it.

I am a firm believer in dedicated firewall machines as you mentioned. 
The one at my house is a P90 IBM box I got off ebay a couple of years
ago for < $90 shipping included. 

I now run tripwire, portsentry and have logcheck send me emails from the
5 firewalls I currently maintain and can tell you that each of these
boxes get banged on daily on numerous ports.  I subscribe to several
security lists so hopefully I become aware of exploits early and can
take corrective action.  I not only disable but rpm -e anything that I
think I can get along without.  I only run ssh with protocol 2, dsa key
required and no root login. Certainly no email, ftp, X, chat server or
any of that sort of stuff.

There is probably more I could do and will as I continue to learn about
this morass called computer security.  Really wading into this stuff is
a great way to learn about the internals of the os and the various
services and protocols that they run on.

up2date is a good service as is subscribing to lists like the
redhat-watch, linux-security and a few others I can't think of right now.

In case you missed the point, good security is multi-layered.  There are
a number of good security howtos out there; I suggest you read a few.

An old mentor of mine told me on several occasions that if you keep
hearing the same thing from different sources you should probably pay
attention.  Sound advice IMNSHO.  
 

HTH

Bret



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
