From owner-freebsd-hackers  Mon Sep 13  0:14:59 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from smtp02.wxs.nl (smtp02.wxs.nl [195.121.6.60])
	by hub.freebsd.org (Postfix) with ESMTP id D8B931500B
	for <freebsd-hackers@FreeBSD.ORG>; Mon, 13 Sep 1999 00:14:56 -0700 (PDT)
	(envelope-from asmodai@wxs.nl)
Received: from daemon.ninth-circle.org ([195.121.196.52]) by smtp02.wxs.nl
          (Netscape Messaging Server 3.61)  with ESMTP id AAB70A5;
          Mon, 13 Sep 1999 09:14:55 +0200
Received: (from asmodai@localhost)
	by daemon.ninth-circle.org (8.9.3/8.9.3) id JAA89531;
	Mon, 13 Sep 1999 09:07:39 +0200 (CEST)
	(envelope-from asmodai)
Date: Mon, 13 Sep 1999 09:07:38 +0200
From: Jeroen Ruigrok/Asmodai <asmodai@wxs.nl>
To: "James E . Housley" <jim@thehousleys.net>
Cc: freebsd-hackers@FreeBSD.ORG, Nate Williams <nate@mt.sri.com>
Subject: Re: A Challenge
Message-ID: <19990913090738.G89309@daemon.ninth-circle.org>
References: <37D87080.4D44E9C4@thehousleys.net> <199909100504.XAA09058@mt.sri.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.7i
In-Reply-To: <199909100504.XAA09058@mt.sri.com>
Organisation: Ninth-Circle Enterprises
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

* Nate Williams (nate@mt.sri.com) [990910 07:14]:
>In any case, if you install a recent version of FreeBSD, I doubt Mr. NT
>is capable of crashing FreeBSD from externally.  Just make sure he
>doesn't have an account on it, since it's much easier to cause Denial Of
>Service attacks if you don't spend alot of time setting up limits and
>such.

Going even further than what Nate said, remove all accounts you don't
need. Give only accounts to those who need to admin the box, other than
that DO NOT give away accounts.

Make sure the security log files sent by email are being sent to the
correct persons.

Remove /usr/src and compile kernels on a secondary host so you are sure
that compiling stuff on the firewall is hard after a compromise.

Use ssh and ditch telnet.

read security(9)

-- 
Jeroen Ruigrok van der Werven/Asmodai                  asmodai(at)wxs.nl
The BSD Programmer's Documentation Project <http://home.wxs.nl/~asmodai>
Network/Security Specialist        BSD: Technical excellence at its best
If Winter comes, can Spring be far behind?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message