Re: Hacking RH 6.2

[Kalum / Grendel <kalum lintux cx>]

On  Wed, 28 Mar 2001, Matt Drew commented thusly,

> 
> All of these suggestions that everyone has come up with are excellent but
> I want to emphasize something on security.  The number one problem that we
> see in support is that people don't apply the necessary security update
> rpms to their systems.  I just want to make this very clear:
> 
> If you install a stock 6.1 or 6.2 machine and expose it to the Internet,
> you can expect a compromise within days if not hours.

Not necessarily, it depends on what sort of ports you want to keep open.
The key is figuring what servies you want to offer, if you want to provide
only ftp services, then you can upgrade to the latest version of the ftp
server, and block the other ports using a firewall.

So installing a good firewall (there are a lot out there on
freshmeat.net), and keeping only the minimum necessary ports open, is the
best thing. And also you can get a friend to perform a remote scan of your
host using a good tool like nmap and see what it reports about the ports
which are open.

Keeping a minimum amount of ports open with a good firwall that logs
attempts is the best way IMHO.
 
Best Wishes,
Grendel


-- 
.---------------------.---------------------.----{)--.
| /"__ ._ _  _  _| _ |`- grendel lintux cx -'(]__/|| |
| \__/ | (-'| |(_|(-'l_ `-===============-' [_]  .-: |
`--------------------------------------------/|\/| |-'

all your .sig are belong to us.