Date: Thu, 22 Apr 1999 17:02:42 -0600 (MDT) From: Adam Ulmer <ulmer@ulmer.iserver.net> To: iratus@home.com Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Security Message-ID: <Pine.BSI.3.95.990422165349.17653C-100000@ulmer.iserver.net> In-Reply-To: <199904200413.VAA00549@CC602670-A.flrtn1.occa.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
A firewall is not needed if you harden the machine -- don't run services you don't need, don't run services that have know overflows, don't run services that are not properly configured, and use unique passwords that cannot be found in a dictionary. Additionally, use ssh/slogin and scp instead of telnet/rsh and ftp. If you are paranoid, use tcp-wrappers, disable remote root logins, etc. A firewall is NOT automatic protection. If you have machines that you cannot harden (ie: anything running software from that vile company in Redmond, Washington), you may opt for a firewall, but you must harden it, too. Adam On Mon, 19 Apr 1999, jeff wrote: > Hello-I realize this may not be the appropriate list but I am > a little confused at this point-I use cable modem to assess the > internet. I have disabled inetd as well as portmap and nfs services > and have only xntpd running in the background. This is a single > machine on which I run both my school work (which is not critical) > and my business (legal research which is both critical and must > be protected from intrusion) and as yet have no evidence of intrusion. > Still I need to KNOW that I have maxed out the available protection. > I am considering running a basic firewall using ipfw which I think needs > natd also. I can follow directions and although I don't program I am able to > do most of the basic buuilding and installing of the software. Basic problem is > I can't seem to find an explanation 1) how the parts fit together and > 2) how to do the basic configuration, especially the rule set needed. Any > pointers or any info at all for that matter, on these two points will be greatlyappreciated. Thanks in advance- Jeff Phillips > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.95.990422165349.17653C-100000>