Re: exploits and vulnerabilities?
On Thu, Jun 01, 2000 at 04:25:30PM -0400, Paul Tod Rieger wrote:
> I've minimized the number of services on my firewall as much as my network
> requirements allow -- and double-checked the ports with nmap. All of them
> are Debian packages, except for RealServer.
> How do I learn more about the exploits/vulnerabilities to which those
> services are susceptible? Do I even need to worry about this -- or is it
> enough (reasonably) to keep up with the latest package updates?
Some good sites for exploits/vulnerabilities off the top of my head:
www.securityfocus.com (be sure to subscribe to Bugtraq if you haven't
www.insecure.org (nmap site, has an exploit page somewhere)
Also, make sure most/none of the machine's services are/is running as
root if you can help it. I dunno what UID RealServer needs to run as,
but hopefully it doesn't require root privileges.
It's definitely a good idea to keep up on your Debian packages. If you
are running "stable" ("slink") you should periodically check the home
page or security page for changes.
If you are running sendmail and/or BIND on that machine, be aware that
there are _much_ more secure replacements: qmail and DNScache. (Though
I'm not sure if there's a Debian package for DNScache, it's easy to
install from source.)