Date: Sat, 9 Feb 2002 15:48:47 -0500 From: "Deepak Jain" <deepak@ai.net> To: "Patrick Fish" <patrick@pwhsnet.compatrick@pwhsnet.com>, <questions@FreeBSD.ORG>, "Sean O'Neill" <sean@seanoneill.info> Subject: RE: Making my box secure Message-ID: <GPEOJKGHAMKFIOMAGMDICEGPJAAA.deepak@ai.net> In-Reply-To: <007201c1b1a4$330a4af0$2300a8c0@zeus>
next in thread | previous in thread | raw e-mail | index | archive | help
It should also be mentioned that several items [like disabling telnet, finger, etc] are all the default setting on 4.5 and have been since 4.4 I think. Security suggestions should always be taken in context with what the box will be doing. If the box is to support public logins, paying customers want what they want [ala telnet or ftp]. If you allow one, there is no specific reason to disallow the other. [think of the saying about a chain and its weakest link] I can assure you that a machine _not_ connected to a network with no keyboard nearby is many times more secure [in terms of the number of successful security violations -- ever] than even an up-to-date server. Its just not very useful. Security is inversely related to usefulness. I don't think anyone has ever been able to disprove it. Deepak Jain AiNET -----Original Message----- From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Patrick Fish Sent: Saturday, February 09, 2002 2:59 PM To: questions@FreeBSD.ORG; Sean O'Neill Subject: Re: Making my box secure I've looked at other BSD guides, but I never stumbled on this one. Thanks a lot! ----- Original Message ----- From: "Sean O'Neill" <sean@seanoneill.info> To: <patrick@pwhsnet.com>; <questions@freebsd.org> Sent: Saturday, February 09, 2002 11:56 AM Subject: Re: Making my box secure > Have you read and implemented all (or most) the following yet? > > http://draenor.org/securebsd/ > > > At 09:49 AM 2/9/2002 -0800, Patrick Fish (patrick@pwhsnet.com) wrote: > >I have a public FreeBSD 4.5-RELEASE box. I need to make sure they dont > >use possible hacking tools like 'finger' or 'nmap' - Also I need to make > >sure they dont snoop in the system setting files, could someone tell me > >what are some directorys that I should chmod to 700? > >Thanks! > > - > ........................................................ > ......... ..- -. .. -..- .-. ..- .-.. . ... ............ > .-- .. -. -... .-.. --- .-- ... -.. .-. --- --- .-.. ... > > Sean O'Neill > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?GPEOJKGHAMKFIOMAGMDICEGPJAAA.deepak>