At 03:27 AM 4/6/2001 +0200, you wrote:
On Thu, Apr 05, 2001 at 01:40:54PM -0700, Eric N. Valor wrote: > > I work from a default-deny stance. Usual things to then allow in would be > 25 (smtp), 80 (http), 22 (ssh, although be careful here), 53-UDP (DNS, if This strickes me as odd, warning to be careful with ssd in the same sentence were http and bind are mentioned without any warnings. Or am I missing something?
Well, most folks like to connect to the Web, so port 80 is a must for that (it's 2-way on the same port). 53 is required only if you're running BIND so other servers can make information requests. But I warned about SSH because unless you're checking logs or have some other reporting system it's a way for someone to brute-force into your system. I've seen way too many bad username/password combinations and quite a lack of vigilance to not put up a warning. Also, there was an exploit put out on BugTraq a while ago regarding SSH-1. I use ssh on my external systems, but only where the security requirement is medium-low. Even then I make it a point to keep my eye on the logs. And an IDS isn't a bad idea, either.
-- Eric N. Valor Webmeister/Inetservices Lutris Technologies eric.valor@lutris.com - This Space Intentionally Left Blank -