From owner-freebsd-questions  Thu Jun  8 19:19: 6 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from smtpsrv0.isis.unc.edu (smtpsrv0.isis.unc.edu [152.2.1.139])
	by hub.freebsd.org (Postfix) with ESMTP id 3646F37C107
	for <freebsd-questions@FreeBSD.ORG>; Thu,  8 Jun 2000 19:19:03 -0700 (PDT)
	(envelope-from crimsun@email.unc.edu)
Received: from login3.isis.unc.edu (login3.isis.unc.edu [152.2.1.100])
	by smtpsrv0.isis.unc.edu (8.9.3/8.9.1) with ESMTP id WAA07705;
	Thu, 8 Jun 2000 22:19:01 -0400 (EDT)
Received: (from crimsun@localhost)
	by login3.isis.unc.edu (8.9.3/8.9.3) id WAA97634;
	Thu, 8 Jun 2000 22:19:00 -0400
Date: Thu, 8 Jun 2000 22:18:59 -0400 (EDT)
From: "Daniel T. Chen" <crimsun@email.unc.edu>
X-Sender: crimsun@login3.isis.unc.edu
To: "David J. Kanter" <djkanter@nwu.edu>
Cc: FreeBSD questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: Security for a lonely desktop
In-Reply-To: <20000608174110.A24158@localhost.localdomain>
Message-ID: <Pine.A41.4.21L1.0006082214350.93684-100000@login3.isis.unc.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

David,
	There is no better prevention than proactivity.  Although it may
seem extreme to secure a dialup machine, virtually every situation is one
where making sure one's machine is less exploitable is desirable.  My
suggestion is to at least disable the services in /etc/inetd.conf.  Also,
adding "ALL: ALL" to /etc/hosts.deny requires no more than several
seconds (do it just to be safe ;-).  Anything beyond that, well, that's
your choice (as it still is!  ;-).

dtc

---
Daniel T. Chen
crimsun@sausage.masticators.org

On Thu, 8 Jun 2000, David J. Kanter wrote:

> I run FreeBSD on a desktop, hook up to the Internet via a modem (with
> dynamic IP address assigning) and am the only user of this machine. Is
> security that much of an issue for someone like me, such that I'd have to
> make changes to the default FreeBSD set up?
> 
> I've read about closing down inetd services that I'd never use: telnet, ftp,
> etc. Even turning off the sendmail daemon. Or, compiling a firewall into my
> kernel. But are these really necessary for a guy like me?
> 
> I'm interested in what people have to say.
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message