From owner-freebsd-questions Sat Feb 9 12:51: 5 2002 Delivered-To: freebsd-questions@freebsd.org Received: from venom.ai.net (venom.ai.net [205.134.190.250]) by hub.freebsd.org (Postfix) with ESMTP id 4E7C637B417 for ; Sat, 9 Feb 2002 12:50:59 -0800 (PST) Received: from blood (pool-138-88-74-86.res.east.verizon.net [138.88.74.86]) by venom.ai.net (8.11.1/8.9.3) with SMTP id g19KKGc22412; Sat, 9 Feb 2002 15:20:18 -0500 (EST) (envelope-from deepak@ai.net) Reply-To: From: "Deepak Jain" To: "Patrick Fish" , , "Sean O'Neill" Subject: RE: Making my box secure Date: Sat, 9 Feb 2002 15:48:47 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 In-Reply-To: <007201c1b1a4$330a4af0$2300a8c0@zeus> Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG It should also be mentioned that several items [like disabling telnet, finger, etc] are all the default setting on 4.5 and have been since 4.4 I think. Security suggestions should always be taken in context with what the box will be doing. If the box is to support public logins, paying customers want what they want [ala telnet or ftp]. If you allow one, there is no specific reason to disallow the other. [think of the saying about a chain and its weakest link] I can assure you that a machine _not_ connected to a network with no keyboard nearby is many times more secure [in terms of the number of successful security violations -- ever] than even an up-to-date server. Its just not very useful. Security is inversely related to usefulness. I don't think anyone has ever been able to disprove it. Deepak Jain AiNET -----Original Message----- From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Patrick Fish Sent: Saturday, February 09, 2002 2:59 PM To: questions@FreeBSD.ORG; Sean O'Neill Subject: Re: Making my box secure I've looked at other BSD guides, but I never stumbled on this one. Thanks a lot! ----- Original Message ----- From: "Sean O'Neill" To: ; Sent: Saturday, February 09, 2002 11:56 AM Subject: Re: Making my box secure > Have you read and implemented all (or most) the following yet? > > http://draenor.org/securebsd/ > > > At 09:49 AM 2/9/2002 -0800, Patrick Fish (patrick@pwhsnet.com) wrote: > >I have a public FreeBSD 4.5-RELEASE box. I need to make sure they dont > >use possible hacking tools like 'finger' or 'nmap' - Also I need to make > >sure they dont snoop in the system setting files, could someone tell me > >what are some directorys that I should chmod to 700? > >Thanks! > > - > ........................................................ > ......... ..- -. .. -..- .-. ..- .-.. . ... ............ > .-- .. -. -... .-.. --- .-- ... -.. .-. --- --- .-.. ... > > Sean O'Neill > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message