Re: Req: Security Advice

Fri, 3 Dec 1999 20:56:12 -0800 

Hi Joe

As pointed out elsewhere, not everything runs out of inetd , and the
question you asked involves a good deal of investigating before you will
have a reasonable understanding of the threats, but unless you plan to not
sleep, and become a dedicated security expert, its very hard to keep on top
of  (this does not mean give up  ! )

What you have done is a first step, read all you can on inetd + other
security topics, try to get an idea of what your security policy will need
to be, ask yourself questions like,  

 do I need to offer the world anon FTP ? 
do I need a world readable webserver?
 do I need a webserver at all?
do I need NFS ?

etc etc 

You also have to evaluate where your threats are, no good being almost
impenetrable from the net if you have your server in a public area and 30
employees have physical access, then your security policy would have to
include additions to protect the host from them as well.

Also its worth noting that some software, even when not enabled or used,
poses a security threat under certain conditions, and having a connection
to the Internet poses a threat....."period" and therefore will never be
100% secure (no such thing) 

Also I think its worth asking yourself.....What am I protecting.........

Michael Warfield has written a couple of articles here

http://linuxworld.com/linuxworld/lw-1999-05/lw-05-ramparts.html
http://linuxworld.com/linuxworld/lw-1999-07/lw-07-ramparts.html


 
*********** REPLY SEPARATOR  ***********

On 3/12/99 at 15:18 Joseph Wagner wrote:

>I have a stand alone RHAT 6.0 machine at home.  I recently setup Internet
>access on this machine and want to know how to keep it from being hacked.
>
>I added the line
>ALL: ALL
>to the hosts.deny file, and I added the line
>ALL: 127.0.0.1 127.0.0.0
>to the hosts.allow file.
>
>Is this sufficient for a standalone machine or do I need more security?
>Should I use IPCHAINS?  If so, what should I set the chains to be?  In
>considering chains, please remember that this is a standalone machine at
my
>home.
>
>Any help would be appreciated.
>
>Thanks in advance.
>
>Joe Wagner


Regards

Greg W
IT Consultant Sydney Australia

-- 

*** Please trim any replies ***
*** Please turn off HTML in your email ***
*** Please don't use the list for test messages ***
*** Why not read the archives? http://moongroup.com/redhat.phtml ***


-- 
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.

Reply via email to