From owner-freebsd-questions Fri Dec 1 11:12:44 2000 Delivered-To: freebsd-questions@freebsd.org Received: from relay.intercom.es (relay.intercom.es [212.66.160.20]) by hub.freebsd.org (Postfix) with ESMTP id 2E83B37B400 for ; Fri, 1 Dec 2000 11:12:41 -0800 (PST) Received: from lix.intercom.es (root@lix.intercom.es [212.66.160.2]) by relay.intercom.es (8.11.1/8.9.3) with ESMTP id eB1J3iM32612; Fri, 1 Dec 2000 20:03:44 +0100 Received: from intercom.es (iv1-214.intercom.es [212.66.168.214]) by lix.intercom.es (8.9.3/8.9.3) with ESMTP id TAA06020; Fri, 1 Dec 2000 19:59:34 +0100 Received: (from megarcia@localhost) by intercom.es (8.11.0/8.11.0) id eB1JD1v01004; Fri, 1 Dec 2000 20:13:01 +0100 (CET) (envelope-from megarcia) Date: Fri, 1 Dec 2000 20:13:01 +0100 From: Manuel Enrique Garcia Cuesta To: Darryl Hoar Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Security steps Message-ID: <20001201201301.B786@ilex.kicelo.org> References: <000b01c05ba8$d5d8c340$0701a8c0@ruraltel.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre2i In-Reply-To: <000b01c05ba8$d5d8c340$0701a8c0@ruraltel.net> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Darryl, === Darryl Hoar escribia (Fri, Dec 01, 2000 at 09:10:25AM -0600): > Greetings, > I am running : > > FreeBSD proxy 4.0-RELEASE FreeBSD 4.0-RELEASE #0: > Mon Mar 20 22:50:22 GMT 2000 > root@monster.cdrom.com:/usr/src/sys/compile/GENERIC > i386 > > on my machine. I have this machine setup to run userland ppp with the auto > and nat flags so > that it provides internet access for my internal lan clients (win98, win95, > NT, HPUX). > > Since this is a dialup link (but it stays up for long periods at a time) do > I have a high security > risk ? With a dialup link, what security steps should be taken on a freshly > installed box ? I guess it depends on whom you ask about it. Being the paranoid type I am, if you ask me I would say you do have a high security risk :) Not that I am an expert, but I would disable the ability to initiate connections from outside. If you still need to access that machine from somewhere else besides your local network then set up ssh. That's it, basically. For the full story you can read http://www.freebsd.org/security/ and http://people.FreeBSD.org/~jkb/howto.html > > thanks, > Darryl HTH Manuel Garcia To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message