Date: Tue, 25 Mar 2003 13:46:14 -0600
From: D J Hawkey Jr
To: nigel.houghton@sourcefire.com
Cc: GiZmen , "freebsd-security@FreeBSD.ORG"
Subject: Re: your mail
Message-ID: <20030325134614.A14445@sheol.localdomain>
Reply-To: hawkeyd@visi.com
References: <20030325190131.GA3776@blurp.one.pl>
In-Reply-To: ; from nigel@sourcefire.com on Tue, Mar 25, 2003 at 02:18:24PM -0500

On Mar 25, at 02:18 PM, Nigel Houghton wrote:
>
> You might want to enable ipfw (or some firewall of your choice) and employ
> the judicious use of rules. Use Snort to monitor the network. The thing
> is, it really all depends on your setup, do you use a single host or do
> you have a small home network, do you serve up web sites or run a mail
> server, do you require remote access to your hosts or local only? All
> these things (and many others) have an impact on what you should be
> looking at to secure your environment.

"Might want to enable [a firewall]..." ?! IMHO, you _must_ employ a
firewall! The 'net is not the friendly, trusted, and scholastic
environment it once was. Even Microsquish(tm) put one in XP Home Edition;
if _they_ think it must be done, well... ;-,

I filter outgoing packets too, and I know others that do as well, but
maybe we're just over-zealous.

You might want to look at Tripwire. It's not necessarily "light-weight",
but it's good.

Mail filters are a must now, if you ask me. Spam accounts for the majority
of incoming mail anymore in an unfiltered environment.

Don't use NFS or Samba on a public interface. That just begs for trouble.
Ditto FTP and telnet. Use SSH, and keep the allowable hosts lists short
and trustable.

> My advice would be to think about what you want to achieve, write down
> everything you want to do and explore solutions. Google is your friend.

Yes, planning is everything. "Measure twice, and cut once.". Think about
a DMZ if you're going to advertise public web, mail, etc., servers.

These opinions are not of my employers', as I currently don't have one.

Dave

--
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/