Date: Mon, 12 Jan 1998 23:21:38 +0000 From: Karl Pielorz <kpielorz@tdx.co.uk> To: Johnathan Raymond Sconiers II <jrs@Mcs.Net> Cc: freebsd-questions@freebsd.org, freebsd-isp@freebsd.org Subject: Re: Security for isp Message-ID: <34BAA582.F9151DE9@tdx.co.uk> References: <Pine.BSF.3.95.980112133500.21228B-100000@Venus.mcs.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Disable _EVERYTHING_ then pick the ones you need - and only enable them... If your setting up a public access FreeBSD system (or ISP system etc.) - look in the ports collection for things like 'tcpwrappers' - which will disallow or log connections from hosts which don't have reverse DNS addresses, or better still - get a good book on the subject, something like "Building Internet Firewalls ISBN 1-56592-124-0, O'Reilly & Associates, Inc." is a good place to start - even if your not building firewalls in particular... At the end of the day though - remember the motto - if you don't NEED it, don't RUN it... And the more complex the system / program / setup - the more that can go wrong, not only with the software - but with the security of the system... Regards, Karl ps. Don't take this _TOO_ far with BSD, I've heard of people deleting things like the /usr/bin directory - because they didn't _need_ it - it applies more to Servers, Ports etc. on the system - than the actual _BASE_ system - though it might be a good idea not putting things like C compilers on systems running as ISP servers (as not to give any 'visitors' too many tools ;-) - Though at the end of the day some things are worth the 'risk' factor... Johnathan Raymond Sconiers II wrote: > > Hi, sorry to bother you again with isp questions but i wanted know if > there are any things such as daemons, ports/packages that i should > automatically disable. THANKS > > John > > ********************************* > * M C S N E T * > * Johnathan Raymond Sconiers II * > * jrs@mcs.net * > *********************************
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?34BAA582.F9151DE9>