RE: Hardening Ports? [7:40852]
Yeah there is a price to be paid for performance and support. Try doing a scan of 50 machines in Nessus and do the same scan in Retina. Retina from my experience will do 50 machines in less than an hour. Nessus might be about a day. Plus the reviews have showed that Nessus doesnt see all the vulnerabilities that Retina sees. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 09, 2002 12:33 PM To: Ali Mesdaq Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Hardening Ports? [7:40852] Hi Ali, Nessus is free, Retina is 945.00 USD Thanks Kevin McCarty CCNA CCNP Computer Sciences Corporation Defense Sector Ali Mesdaq Subject: RE: Hardening Ports? [7:40852] Sent by: nobody 04/09/2002 12:55 PM Please respond to Ali Mesdaq You also might want to try Retina from eEye. It's the best scanner on the market. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 09, 2002 10:26 AM To: [EMAIL PROTECTED] Subject: Re: Hardening Ports? [7:40852] Hello all, The absolute best info (IMHO) is www.sans.orgthey are up to the minute, and OS savvy beyond belief.SANS has the uncanny ability to have gray hackers who 'contribute' to their security efforts. Forget google, go to the source. After you harden your system don't forget to scan it heavily to see what is still open. If you have a linux/solaris box available go to www.nessus.org and use their scanner. (Good stuff, but you can kill a server with it if you scan too heavily.) It is my firm belief that you cannot do network security effectively without knowledge of OS platforms and what processes/daemons they have running. Have a good day. Kevin McCarty CCNA CCNP Computer Sciences Corporation Defense Sector Charlie cc: Sent by: Subject: Re: Hardening Ports? [7:40852] nobody 04/09/2002 10:04 AM Please respond to Charlie Thanks, Kent. Chee Kin and Sam actually answered my question already. Nonetheless, thanks for your advice. Google is where I will also check in the future (although this newsgroup is proving to be very helpful). Charlie ""Kent Hundley"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Charlie, > > As others noted, it depends on your OS. I would recommend doing a search on > google for "your OS"+hardening. You'll probably find what your looking for. > Also consult your vendors web site and http://www.sans.org for more info. > > HTH, > Kent > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Charlie > Sent: Monday, April 08, 2002 12:51 PM > To: [EMAIL PROTECTED] > Subject: Hardening Ports? [7:40852] > > > Hello, all :-) > > I was hoping one (or many) of you could help me with a question I have: how > do I lock-down ports on a server? I know how to lock them down on firewalls > and routers, but how to do it on a server is my question. I know it's a > general question but any assistance would be most appreciated. > > Truly, > Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40965&t=40852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Hardening Ports? [7:40852]
Hi Ali, Nessus is free, Retina is 945.00 USD Thanks Kevin McCarty CCNA CCNP Computer Sciences Corporation Defense Sector Ali Mesdaq Subject: RE: Hardening Ports? [7:40852] Sent by: nobody 04/09/2002 12:55 PM Please respond to Ali Mesdaq You also might want to try Retina from eEye. It's the best scanner on the market. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 09, 2002 10:26 AM To: [EMAIL PROTECTED] Subject: Re: Hardening Ports? [7:40852] Hello all, The absolute best info (IMHO) is www.sans.orgthey are up to the minute, and OS savvy beyond belief.SANS has the uncanny ability to have gray hackers who 'contribute' to their security efforts. Forget google, go to the source. After you harden your system don't forget to scan it heavily to see what is still open. If you have a linux/solaris box available go to www.nessus.org and use their scanner. (Good stuff, but you can kill a server with it if you scan too heavily.) It is my firm belief that you cannot do network security effectively without knowledge of OS platforms and what processes/daemons they have running. Have a good day. Kevin McCarty CCNA CCNP Computer Sciences Corporation Defense Sector Charlie cc: Sent by: Subject: Re: Hardening Ports? [7:40852] nobody 04/09/2002 10:04 AM Please respond to Charlie Thanks, Kent. Chee Kin and Sam actually answered my question already. Nonetheless, thanks for your advice. Google is where I will also check in the future (although this newsgroup is proving to be very helpful). Charlie ""Kent Hundley"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Charlie, > > As others noted, it depends on your OS. I would recommend doing a search on > google for "your OS"+hardening. You'll probably find what your looking for. > Also consult your vendors web site and http://www.sans.org for more info. > > HTH, > Kent > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Charlie > Sent: Monday, April 08, 2002 12:51 PM > To: [EMAIL PROTECTED] > Subject: Hardening Ports? [7:40852] > > > Hello, all :-) > > I was hoping one (or many) of you could help me with a question I have: how > do I lock-down ports on a server? I know how to lock them down on firewalls > and routers, but how to do it on a server is my question. I know it's a > general question but any assistance would be most appreciated. > > Truly, > Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40957&t=40852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Hardening Ports? [7:40852]
You also might want to try Retina from eEye. It's the best scanner on the market. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 09, 2002 10:26 AM To: [EMAIL PROTECTED] Subject: Re: Hardening Ports? [7:40852] Hello all, The absolute best info (IMHO) is www.sans.orgthey are up to the minute, and OS savvy beyond belief.SANS has the uncanny ability to have gray hackers who 'contribute' to their security efforts. Forget google, go to the source. After you harden your system don't forget to scan it heavily to see what is still open. If you have a linux/solaris box available go to www.nessus.org and use their scanner. (Good stuff, but you can kill a server with it if you scan too heavily.) It is my firm belief that you cannot do network security effectively without knowledge of OS platforms and what processes/daemons they have running. Have a good day. Kevin McCarty CCNA CCNP Computer Sciences Corporation Defense Sector Charlie cc: Sent by: Subject: Re: Hardening Ports? [7:40852] nobody 04/09/2002 10:04 AM Please respond to Charlie Thanks, Kent. Chee Kin and Sam actually answered my question already. Nonetheless, thanks for your advice. Google is where I will also check in the future (although this newsgroup is proving to be very helpful). Charlie ""Kent Hundley"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Charlie, > > As others noted, it depends on your OS. I would recommend doing a search on > google for "your OS"+hardening. You'll probably find what your looking for. > Also consult your vendors web site and http://www.sans.org for more info. > > HTH, > Kent > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Charlie > Sent: Monday, April 08, 2002 12:51 PM > To: [EMAIL PROTECTED] > Subject: Hardening Ports? [7:40852] > > > Hello, all :-) > > I was hoping one (or many) of you could help me with a question I have: how > do I lock-down ports on a server? I know how to lock them down on firewalls > and routers, but how to do it on a server is my question. I know it's a > general question but any assistance would be most appreciated. > > Truly, > Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40948&t=40852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hardening Ports? [7:40852]
Hello all, The absolute best info (IMHO) is www.sans.orgthey are up to the minute, and OS savvy beyond belief.SANS has the uncanny ability to have gray hackers who 'contribute' to their security efforts. Forget google, go to the source. After you harden your system don't forget to scan it heavily to see what is still open. If you have a linux/solaris box available go to www.nessus.org and use their scanner. (Good stuff, but you can kill a server with it if you scan too heavily.) It is my firm belief that you cannot do network security effectively without knowledge of OS platforms and what processes/daemons they have running. Have a good day. Kevin McCarty CCNA CCNP Computer Sciences Corporation Defense Sector Charlie cc: Sent by: Subject: Re: Hardening Ports? [7:40852] nobody 04/09/2002 10:04 AM Please respond to Charlie Thanks, Kent. Chee Kin and Sam actually answered my question already. Nonetheless, thanks for your advice. Google is where I will also check in the future (although this newsgroup is proving to be very helpful). Charlie ""Kent Hundley"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Charlie, > > As others noted, it depends on your OS. I would recommend doing a search on > google for "your OS"+hardening. You'll probably find what your looking for. > Also consult your vendors web site and http://www.sans.org for more info. > > HTH, > Kent > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Charlie > Sent: Monday, April 08, 2002 12:51 PM > To: [EMAIL PROTECTED] > Subject: Hardening Ports? [7:40852] > > > Hello, all :-) > > I was hoping one (or many) of you could help me with a question I have: how > do I lock-down ports on a server? I know how to lock them down on firewalls > and routers, but how to do it on a server is my question. I know it's a > general question but any assistance would be most appreciated. > > Truly, > Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40946&t=40852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hardening Ports? [7:40852]
Thanks, Kent. Chee Kin and Sam actually answered my question already. Nonetheless, thanks for your advice. Google is where I will also check in the future (although this newsgroup is proving to be very helpful). Charlie ""Kent Hundley"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Charlie, > > As others noted, it depends on your OS. I would recommend doing a search on > google for "your OS"+hardening. You'll probably find what your looking for. > Also consult your vendors web site and http://www.sans.org for more info. > > HTH, > Kent > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Charlie > Sent: Monday, April 08, 2002 12:51 PM > To: [EMAIL PROTECTED] > Subject: Hardening Ports? [7:40852] > > > Hello, all :-) > > I was hoping one (or many) of you could help me with a question I have: how > do I lock-down ports on a server? I know how to lock them down on firewalls > and routers, but how to do it on a server is my question. I know it's a > general question but any assistance would be most appreciated. > > Truly, > Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40929&t=40852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hardening Ports? [7:40852]
Dude!!! Thanks for the info. TCP/IP Filtering is EXACTLY what I was looking for. Thanks a whole lot. Charlie ""Chee Kin"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > You can also try using the IP Filtering feature from Windows NT/2000. It > should be under the advanced configuration for TCP/IP. > > cheekin > > - Original Message - > From: "Charlie" > To: > Sent: Tuesday, April 09, 2002 4:40 AM > Subject: Re: Hardening Ports? [7:40852] > > > > Thank you, Sam. Your instructions were clear and simple to follow. I was > > refering to a Windows system. I gave it a try and already idenitified > open > > ports (which I also learned from using WS PingPro). I will now attempt to > > close/end some services. Thanks again. > > > > Charlie > > > > ""sam sneed"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Which operating systems? > > > > > > On windows the most common way to to disable services from the control > > > panel. Do a netstat -an to see which ports are open. Then you can > shutdown > > > services that have those ports open. > > > > > > On UNIX/LINUX you can do the same netstat -an. Most of the services can > be > > > disabled in inetd.conf or xinted.conf. Just comment them out and restart > > > inetd daemon. Also services are started from startup scripts which are > in > > > different locations on different versions of UNIX and Linux. > > > > > > ""Charlie"" wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > Hello, all :-) > > > > > > > > I was hoping one (or many) of you could help me with a question I > have: > > > how > > > > do I lock-down ports on a server? I know how to lock them down on > > > firewalls > > > > and routers, but how to do it on a server is my question. I know it's > a > > > > general question but any assistance would be most appreciated. > > > > > > > > Truly, > > > > Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40927&t=40852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hardening Ports? [7:40852]
My apologies. Posted to the wrong group. cheekin - Original Message - From: "Chee Kin" To: Sent: Tuesday, April 09, 2002 9:35 AM Subject: Re: Hardening Ports? [7:40852] > You can also try using the IP Filtering feature from Windows NT/2000. It > should be under the advanced configuration for TCP/IP. > > cheekin > > - Original Message - > From: "Charlie" > To: > Sent: Tuesday, April 09, 2002 4:40 AM > Subject: Re: Hardening Ports? [7:40852] > > > > Thank you, Sam. Your instructions were clear and simple to follow. I was > > refering to a Windows system. I gave it a try and already idenitified > open > > ports (which I also learned from using WS PingPro). I will now attempt to > > close/end some services. Thanks again. > > > > Charlie > > > > ""sam sneed"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Which operating systems? > > > > > > On windows the most common way to to disable services from the control > > > panel. Do a netstat -an to see which ports are open. Then you can > shutdown > > > services that have those ports open. > > > > > > On UNIX/LINUX you can do the same netstat -an. Most of the services can > be > > > disabled in inetd.conf or xinted.conf. Just comment them out and restart > > > inetd daemon. Also services are started from startup scripts which are > in > > > different locations on different versions of UNIX and Linux. > > > > > > ""Charlie"" wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > Hello, all :-) > > > > > > > > I was hoping one (or many) of you could help me with a question I > have: > > > how > > > > do I lock-down ports on a server? I know how to lock them down on > > > firewalls > > > > and routers, but how to do it on a server is my question. I know it's > a > > > > general question but any assistance would be most appreciated. > > > > > > > > Truly, > > > > Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40878&t=40852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hardening Ports? [7:40852]
You can also try using the IP Filtering feature from Windows NT/2000. It should be under the advanced configuration for TCP/IP. cheekin - Original Message - From: "Charlie" To: Sent: Tuesday, April 09, 2002 4:40 AM Subject: Re: Hardening Ports? [7:40852] > Thank you, Sam. Your instructions were clear and simple to follow. I was > refering to a Windows system. I gave it a try and already idenitified open > ports (which I also learned from using WS PingPro). I will now attempt to > close/end some services. Thanks again. > > Charlie > > ""sam sneed"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Which operating systems? > > > > On windows the most common way to to disable services from the control > > panel. Do a netstat -an to see which ports are open. Then you can shutdown > > services that have those ports open. > > > > On UNIX/LINUX you can do the same netstat -an. Most of the services can be > > disabled in inetd.conf or xinted.conf. Just comment them out and restart > > inetd daemon. Also services are started from startup scripts which are in > > different locations on different versions of UNIX and Linux. > > > > ""Charlie"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Hello, all :-) > > > > > > I was hoping one (or many) of you could help me with a question I have: > > how > > > do I lock-down ports on a server? I know how to lock them down on > > firewalls > > > and routers, but how to do it on a server is my question. I know it's a > > > general question but any assistance would be most appreciated. > > > > > > Truly, > > > Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40872&t=40852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Hardening Ports? [7:40852]
Charlie, As others noted, it depends on your OS. I would recommend doing a search on google for "your OS"+hardening. You'll probably find what your looking for. Also consult your vendors web site and http://www.sans.org for more info. HTH, Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charlie Sent: Monday, April 08, 2002 12:51 PM To: [EMAIL PROTECTED] Subject: Hardening Ports? [7:40852] Hello, all :-) I was hoping one (or many) of you could help me with a question I have: how do I lock-down ports on a server? I know how to lock them down on firewalls and routers, but how to do it on a server is my question. I know it's a general question but any assistance would be most appreciated. Truly, Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40861&t=40852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hardening Ports? [7:40852]
Patrick - I was refering to TCP/IP ports. Thanks for your reply. Sam's message came in very handy and answered my question as well. Thanks again. Charlie ""Patrick Ramsey"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > do you men ethernet ports or tcpip ports? > > Ethernet ports are done in the driver autonegotiate/speed/duplex settings > > locking down tcpip ports is entirely different. TCPwrappers will wrap > daemons and applications under *nix... not so sure there is an equivalent > for microsoft or novellTCPWrappers just handles the negotiation really > between the client and daemon. > > -Patrick > > >>> Charlie 04/08/02 03:50PM >>> > Hello, all :-) > > I was hoping one (or many) of you could help me with a question I have: how > do I lock-down ports on a server? I know how to lock them down on firewalls > and routers, but how to do it on a server is my question. I know it's a > general question but any assistance would be most appreciated. > > Truly, > Charlie > > Confidentiality DisclaimerThis email and any files transmitted with it may contain confidential and > /or proprietary information in the possession of WellStar Health System, > Inc. ("WellStar") and is intended only for the individual or entity to whom > addressed. This email may contain information that is held to be > privileged, confidential and exempt from disclosure under applicable law. If > the reader of this message is not the intended recipient, you are hereby > notified that any unauthorized access, dissemination, distribution or > copying of any information from this email is strictly prohibited, and may > subject you to criminal and/or civil liability. If you have received this > email in error, please notify the sender by reply email and then delete this > email and its attachments from your computer. Thank you. > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40858&t=40852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hardening Ports? [7:40852]
Thank you, Sam. Your instructions were clear and simple to follow. I was refering to a Windows system. I gave it a try and already idenitified open ports (which I also learned from using WS PingPro). I will now attempt to close/end some services. Thanks again. Charlie ""sam sneed"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Which operating systems? > > On windows the most common way to to disable services from the control > panel. Do a netstat -an to see which ports are open. Then you can shutdown > services that have those ports open. > > On UNIX/LINUX you can do the same netstat -an. Most of the services can be > disabled in inetd.conf or xinted.conf. Just comment them out and restart > inetd daemon. Also services are started from startup scripts which are in > different locations on different versions of UNIX and Linux. > > ""Charlie"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hello, all :-) > > > > I was hoping one (or many) of you could help me with a question I have: > how > > do I lock-down ports on a server? I know how to lock them down on > firewalls > > and routers, but how to do it on a server is my question. I know it's a > > general question but any assistance would be most appreciated. > > > > Truly, > > Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40855&t=40852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hardening Ports? [7:40852]
do you men ethernet ports or tcpip ports? Ethernet ports are done in the driver autonegotiate/speed/duplex settings locking down tcpip ports is entirely different. TCPwrappers will wrap daemons and applications under *nix... not so sure there is an equivalent for microsoft or novellTCPWrappers just handles the negotiation really between the client and daemon. -Patrick >>> Charlie 04/08/02 03:50PM >>> Hello, all :-) I was hoping one (or many) of you could help me with a question I have: how do I lock-down ports on a server? I know how to lock them down on firewalls and routers, but how to do it on a server is my question. I know it's a general question but any assistance would be most appreciated. Truly, Charlie > Confidentiality Disclaimer This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. ("WellStar") and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40854&t=40852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Hardening Ports? [7:40852]
Which operating systems? On windows the most common way to to disable services from the control panel. Do a netstat -an to see which ports are open. Then you can shutdown services that have those ports open. On UNIX/LINUX you can do the same netstat -an. Most of the services can be disabled in inetd.conf or xinted.conf. Just comment them out and restart inetd daemon. Also services are started from startup scripts which are in different locations on different versions of UNIX and Linux. ""Charlie"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello, all :-) > > I was hoping one (or many) of you could help me with a question I have: how > do I lock-down ports on a server? I know how to lock them down on firewalls > and routers, but how to do it on a server is my question. I know it's a > general question but any assistance would be most appreciated. > > Truly, > Charlie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=40853&t=40852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]