From owner-freebsd-questions Sat May 26 2: 9:19 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mta6.srv.hcvlny.cv.net (mta6.srv.hcvlny.cv.net [167.206.5.17]) by hub.freebsd.org (Postfix) with ESMTP id DF6AC37B423 for ; Sat, 26 May 2001 02:09:16 -0700 (PDT) (envelope-from trini0@optonline.net) Received: from optonline.net (ool-18be012f.dyn.optonline.net [24.190.1.47]) by mta6.srv.hcvlny.cv.net (iPlanet Messaging Server 5.0 Patch 2 (built Dec 14 2000)) with ESMTP id <0GDX0021FOG2Y1@mta6.srv.hcvlny.cv.net> for questions@FreeBSD.ORG; Sat, 26 May 2001 04:19:14 -0400 (EDT) Date: Sat, 26 May 2001 04:19:13 -0400 From: Gerard Samuel Subject: Re: security question To: david@banning.com Cc: FreeBSD Questions Message-id: <3B0F6700.1D5BA9E@optonline.net> MIME-version: 1.0 X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.12 i386) Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT X-Accept-Language: en References: <200105260324.f4Q3OrH00551@d.tracker> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG David Banning wrote: > I am setting up a small network of Windows desktops that are > accessing the net through a FreeBSD server. If I disable telnet, ftp, > and everything in inetd.conf leaving only http open, what are my > risks? It would be foolish to think that you are untouchable. There are always risks, even with http. http is the way to go for hackers nowadays... > > > I have webadmin running. > I'd would *like* telnet and shell (rshd) to run, so I can telnet > in. I can't imagine how someone could break in to a system, so > I am pretty lost in assessing this risk. Setup ipfilter or ipfirewall, and watch the logs, youll be amazed > > > I know SSH is better for telneting in to the server, but then > it has to be on every machine that you telnet in from. Take the extra steps to do it.... > > > When I hear "don't use telnet unless you have to", I > wonder. I know several sites that have telnet where I can login, > and those places are alot bigger that my little'ol place. > > If I use telnet, is there really such a risk? Only one way to find out, run it..... You should see my ipfilter logs dropping all kind of connections a day, even port 21 (telnet) > > I'm going all over the place here. Maybe someone could reccomend a good > place to learn about this topic? > I started with the FreeBSD Security How-to which is a good starter. Do a google search.. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message