Date: Sun, 1 Nov 1998 22:42:20 +1100 (EST) From: Nicholas Charles Brawn <ncb05@uow.edu.au> To: Dan Langille <junkmale@xtra.co.nz> Cc: security@FreeBSD.ORG Subject: Re: no telnet. how secure? Message-ID: <Pine.SOL.4.02A.9811012226090.184-100000@banshee.cs.uow.edu.au> In-Reply-To: <199811010901.WAA12524@witch.xtra.co.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 1 Nov 1998, Dan Langille wrote: : I don't allow telnet to my box. I'm the only user. I'm running a : webserver, but it's not published. There's no CGI apart from what came : with Apache. How vulnerable is such a machine to attack? I would like to : exclude DOS attacks from this discussion as I feel thats something outside : the scope of this question. As listmembers, we can only really suggest common sense solutions without further information of your network and system setup. But here's my $0.02 worth of advice nevertheless. :) - Don't run services you don't need to run. Edit inetd.conf and rc.conf accordingly. - Compile firewall support into your kernel, or make use of the ipfw loadable kernel module. Learn how to use it effectively. - Learn what files on your system are priviledged (suid/sgid). Then, go through them one by one, and decide whether they *really* need to be priviledged. Robert Watson's tool 'suidcontrol' is well suited to this task: http://www.watson.org/fbsd-hardening/suidcontrol.html - Check recent CERT advisories and FreeBSD Security Advisories, and determine whether your system needs patching/etc. If so, apply them. - Keep abreast of the latest security developments and vulnerability's. Subscribing to mailing lists such as this one and BUGTRAQ is a good start. - If you have users, set appropriate defaults in such files as /etc/profile for umask and other settings that affect security. Url's you should check on a semi-regular basis: - http://www.freebsd.org/security/ FreeBSD's Security Site - http://www.watson.org/fbsd-hardening/ FreeBSD Hardening Project - http://www.best.com/~jkb/howto.txt FreeBSD Security Howto : -- : Dan Langille : The FreeBSD Diary - my [mis]adventures : http://www.FreeBSDDiary.com Hope that's of help, Nick -- Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick Key fingerprint = DE 30 33 D3 16 91 C8 8D A7 F8 70 03 B7 77 1A 2A To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SOL.4.02A.9811012226090.184-100000>