On Sun Jul 28, 2002 at 10:17:41PM -0700, David Guntner wrote:

> Thanks to all for the suggestions of snort and tripwire. Once I get my
> system back up on its feet, I plan on installing both to keep an eye on my
> system.

Both are extremely good tools and should be a part of everyone's overall security plan.

> I'm also going to make sure that my FTP server and sshd server are
> listening to non-standard ports, to make it harder for someone to find an
> access point.

This is trivial. An nmap scan will give an attacker an idea within seconds of where these ports have been re-located. Security through obscurity is no security at all.

You're better off to disable FTP if you don't need it, or if you do, configure your firewall to only allow connections from certain IPs. Likewise for ssh. If you're making it semi-public (ie. you need to be able to connect from previously-unknown IPs), you may as well leave them where they are and work on hardening other parts of your system. Putting FTP on port 2020 and SSH on port 4022 will only give you a false sense of security.

--
MandrakeSoft Security; http://www.mandrakesecure.net/
"lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import"
{GnuPG: 1024D/FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
