[CTS] Re: Linux?

  • From: "Eric C. Vogel" <ecvogel@xxxxxxxxx>
  • To: <computertalkshop@xxxxxxxxxxxxx>
  • Date: Tue, 30 Jan 2001 20:34:07 -0500

How would you know if Telnet server is running under NT 4 Server Sp-6a
(Small Business Server 4.5 (IIS 4, Exchange 5.5 SP 3 (OWA (Outlook Web
Access)), MS Proxy 2, SQL 7 (Nothing using it, not loaded, Arcserve 6.5.X
SP2)? I don't recall seeing anything under Services. I am not at work so I
cannot check. Our E-mail is retrieved from the Outlook 2k client, not
through the Exchange extension. Website is hosted externally. Our server
runs IIS 4 for SBS tools, and our website, which has nothing but the
default SBS page. With the proper URL, one can access Exchange through the web
browser, and 2 VPN ports. 2 users cannot access the server externally till
they put passwords on their account. (There are only 4 of us. I am the only
computer person there.)

Thank you,
Eric Vogel

-----------------------------------------------------------------------
Eric Vogel  --  NTug Member  --  ICQ# 1452761
-
A professional is someone who can do his best work when he doesn't feel like
it. -- Alistair Cooke
-
Computer Talk Shop List Owner: http://www.questforcertification.com/cts
-----------------------------------------------------------------------
----- Original Message -----
From: "Lynn" <landerso@xxxxxxxxxx>
To: <computertalkshop@xxxxxxxxxxxxx>
Sent: Tuesday, January 30, 2001 7:56 PM
Subject: [CTS] Re: Linux?


>
> TS152@xxxxxxxxxxxxxxxxxxx wrote:
> >
> > Security-wise, what documentation is available on how to lock down redhat
> > linux 6.2 ... or any other linux distribution, for that matter?  Let's say
> > I want to put my Linux server out on the internet, how can I protect it
> > from getting hacked?
> >
> Firstly, you mean cracked.  Hackers do not break into servers, they play
> with computers.  Hackers have enough of their own computers, they don't
> need to mess with yours.  Most of the types that try to crack computers
> are crackers, phreakers, and skr1pt k1dd13z.  These are lower forms of
> life than most of us, and usually very, very stupid.  Occasionally,
> you'll hit a smart cracker, but most of the time they're dumb as a pole.
>
> Now, as for security.  Securing a machine, ANY machine, is a BIG
> question.  As a basic rule of thumb, monitor CERT, l0pht and the
> rootshell mailing lists for advisories.  These are the lists that
> professional sysadmins monitor.  The URLS:
>
> http://www.cert.org
> http://www.l0pht.com
> http://www.rootshell.com
>
> Buy Practical Unix Security published by O'Reilly (a rule of thumb that
> will save you many thousands of dollars: all O'Reilly books are worth
> buying.  Most UNIX sysadmins don't even have to read the back of an
> O'Reilly book before buying it.  They're all worth their weight in gold,
> and you'll never regret buying an O'Reilly book).  That will give you a
> grounding in basic security measures.  Install nmap, sniffit, and
> tripwire.  Either have logs e-mailed to you daily or have them printed
> out by a dot-matrix printer attached to the server.  nmap will tell you
> what ports you have open (it's probably a good idea to just completely
> shutdown inetd).  sniffit is a packet sniffer, it lets you watch what's
> going over the wire.  tripwire creates a database of file permissions,
> dates, sizes and checksums.  Store this database on read-only media,
> have tripwire run nightly.  tripwire will send out alerts if any files
> or directories are changed on the server.  Watch the system like a
> hawk.  Especially watch for directories like ".. " and lrk4 or lrk5
> suddenly popping up.  If they do, you have a skr1pt k1dd13.
>
> Shut down ALL unnecessary services.  If you are only hosting a website,
> the maximum ports you should have open are ssh, http and ftp.  Don't use
> WU-FTPD, it's bug-ridden.  Use ProFTPD, have it lock ALL users uploading
> webpages in a chroot jail in their home directories.  NEVER USE TELNET!
> Telnet is a MASSIVE security hole!  DON'T USE TELNET!  Use OpenSSH.
> OpenSSH goes through regular security audits of the source code.
> portmapper and the r commands are massive security holes.
>
> It's a personal decision as to whether or not you want to run sendmail
> for e-mail service.  UNIX machines don't handle life without a mail
> server well.  Either postfix or qmail is MUCH more secure.  Sprint
> Canada's dialup service uses postfix for e-mail, Hotmail runs qmail.
> Just about everybody else, though, uses sendmail.
>
> It is very important to watch a machine.  If you're ultra-paranoid,
> sniffit can be run to log the contents of all packets going over the
> wire.  Log messages are critical for telling you what might be happening
> to the machine.  For example, if you're port-scanned, the log will show
> null connections to just about every port on the machine.  You'll
> probably want to nuke sudo.
>


---------------------------------------------------------------------------
Computer Talk Shop
To un-subscribe, http://questforcertification.com/cts/unsubscribe.htm

List HowTo: http://questforcertification.com/cts/faq

To join Computer Talk Shop's off topic list, please goto:
http://questforcertification.com/cts/other_cts_lists.htm
---------------------------------------------------------------------------
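The tripwire-style check Lynn describes above (a baseline of permissions, sizes, dates and checksums, re-run nightly, with an eye out for odd directory names such as ".. " with a trailing space), as an added Python example that is not part of the original thread or of the tripwire project. The file contents, paths and the SUSPICIOUS_NAMES list are constructed for the demo.

```python
import hashlib, os, stat, tempfile

# Names the post says to watch for; note the trailing space in ".. " (constructed list).
SUSPICIOUS_NAMES = {".. ", "lrk4", "lrk5"}

def snapshot(root):
    """Tripwire-style baseline: mode/size/mtime/SHA-256 per file, mode per dir, keyed by relative path."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            db[os.path.relpath(path, root)] = {"type": "dir", "mode": stat.S_IMODE(st.st_mode)}
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            entry = {"type": "file", "mode": stat.S_IMODE(st.st_mode),
                     "size": st.st_size, "mtime": int(st.st_mtime)}
            if stat.S_ISREG(st.st_mode):  # hash regular files only, not symlinks or devices
                h = hashlib.sha256()
                with open(path, "rb") as f:
                    for chunk in iter(lambda: f.read(65536), b""):
                        h.update(chunk)
                entry["sha256"] = h.hexdigest()
            db[os.path.relpath(path, root)] = entry
    return db

def compare(baseline, current):
    """Sorted added/removed/changed paths, plus any path whose last component is a watched name."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    suspicious = sorted(p for p in current if os.path.basename(p) in SUSPICIOUS_NAMES)
    return added, removed, changed, suspicious

def demo():
    """Constructed scenario: baseline a tiny tree, tamper with it, then re-check."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "htdocs"))
        with open(os.path.join(root, "htdocs", "index.html"), "w") as f:
            f.write("<h1>site</h1>\n")
        with open(os.path.join(root, "passwd"), "w") as f:
            f.write("root:x:0:0::/root:/bin/sh\n")
        baseline = snapshot(root)  # in practice, serialize this and keep it on read-only media
        with open(os.path.join(root, "passwd"), "a") as f:  # simulated tampering: extra account
            f.write("intruder:x:0:0::/:/bin/sh\n")
        os.makedirs(os.path.join(root, "tmp", ".. "))  # hidden-looking dir with trailing space
        os.remove(os.path.join(root, "htdocs", "index.html"))
        return compare(baseline, snapshot(root))
```

Run nightly, the diff from compare() is what the post suggests mailing to yourself or printing on the attached dot-matrix printer; the baseline dict is trustworthy only if it is written to media the server cannot overwrite.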
