
Re: security in general




From: "Ingmar Schrey" <keunigk@gmx.net>
Real system administrators are a bit paranoid I'm told...
...so that's ok I think. ;)
hehe they *made* me paranoid!

- use things like tripwire (but that's only 100% safe if you set it up
  before the machine's connected to the net the first time)
Yeah I wanted to do that, but unfortunately I already had it connected for like 24h or so. I could still do that, but I guess if I wanna do it right, I'd have to reinstall the box.. Stupid me :(

- switch to 2.4.x Kernel (use iptables instead of ipchains),
Why?

- replace inetd with a more secure service
I don't use inetd, it is disabled.

- chroot jails
I'll have to look into this, but

- use proxy servers instead of routing/masquerading over the firewall
When all internal clients are 100% trustworthy I should do this as well?
And: won't it up the requirements for the machine? I have a p166 laptop as a server right now (let the power-outage come, I don't care for about 3 hours. Of course, I can't use the clients then so it's useless anyway, but it protects data-integrity ;) And it's quite small and it hardly makes any noise :))

- pull the plug? :))
I actually do that sometimes :) When I see activity on the outgoing network and there's no-one that activated it I sometimes pull the plug to make sure.

[logcheck]
you could make ipchains log to a separate file instead of
/var/log/messages...
...or you could switch off logging unwanted stuff in ipchains rules?
don't know logcheck...
Every x minutes/hours it checks the logs for certain events and mails it to the address of your choice (like firewall-hits). Yeah I could switch off logging, but then I'd have 0 info on anything that happens. I donnow, somehow the info is useless, but not having it just doesn't sound right :]

Nathan Valentine - nathan@uky.edu

Sounds like you've almost everything covered. About the only things I
could recommend would be to run nessus against yourself and install
snort in IDS mode.
I could try that, I'd have to look up some info on the program. I assume nessus checks for known vulnerabilities? Sounds ok, never hurts. As for snort in IDS mode, snort is like tripwire right? Hmm that means someone is already inside the system and it's too late already..
Will have to read up on it tho :)

From: "Karl E. Jorgensen" <karl@jorgensen.com>

kjfsgjks: You probably have a real name. Why not use it?
I dislike giving out real names, especially to hotmail etc.
I'm sorry for the total lack of any resemblance to a real (/fake) name, I can see how that is irritating. I will change it after this mail.

Are your users using passive mode FTP? If so, then you can block
off the high port numbers too.
Active and passive, so I need the high ports as well. Some programs can't be set to passive ftp.

Thanks to all who responded and took the time to read the mail. I'm still open to suggestions and will definitely look into them!
Tubby
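
An added example, not part of the original message and not logcheck's own code: a small digest over ipchains firewall hits that keeps logging switched on but reduces it to per-service counts and sources that probed several ports. The log lines are constructed samples in the kernel `Packet log:` format; `parse_hits`, `digest` and the `scan_ports` threshold are hypothetical names.

```python
import re
from collections import Counter, defaultdict
# Kernel "Packet log:" line written by ipchains rules that use -l (assumed format).
PACKET = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)"
)
PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}

# Constructed sample input (documentation addresses), including one truncated line.
SAMPLE_LOG = """\
Jun  3 12:00:01 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4021 192.0.2.10:23 L=60 S=0x00 I=5512 F=0x4000 T=52 SYN (#7)
Jun  3 12:00:02 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4022 192.0.2.10:21 L=60 S=0x00 I=5513 F=0x4000 T=52 SYN (#7)
Jun  3 12:00:03 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4023 192.0.2.10:111 L=60 S=0x00 I=5514 F=0x4000 T=52 SYN (#7)
Jun  3 12:01:10 fw kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.4:137 192.0.2.10:137 L=78 S=0x00 I=901 F=0x0000 T=110 (#8)
Jun  3 12:01:12 fw kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.4:137 192.0.2.10:137 L=78 S=0x00 I=902 F=0x0000 T=110 (#8)
Jun  3 12:02:00 fw kernel: Packet log: input DENY eth0 PROTO=1 198.51.100.9:8 192.0.2.10:0 L=84 S=0x00 I=1201 F=0x0000 T=50 (#9)
Jun  3 12:05:00 fw sshd[412]: Connection closed by 192.0.2.55
Jun  3 12:06:00 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0
"""

def parse_hits(text):
    """Return (parsed hits, count of Packet log lines that did not parse)."""
    hits, unparsed = [], 0
    for line in text.splitlines():
        if "Packet log:" in line:
            m = PACKET.search(line)
            if m:
                hits.append(m.groupdict())
            else:
                unparsed += 1  # report damaged lines instead of dropping them
    return hits, unparsed

def digest(text, scan_ports=3):
    """Summarise denied packets per service; flag sources probing many ports."""
    hits, unparsed = parse_hits(text)
    by_service, ports_by_src = Counter(), defaultdict(set)
    for h in hits:
        if h["action"] not in ("DENY", "REJECT"):
            continue
        key = (PROTO_NAMES.get(h["proto"], h["proto"]), int(h["dport"]))
        by_service[key] += 1
        if key[0] != "icmp":  # for ICMP the two "ports" are type and code
            ports_by_src[h["src"]].add(key)
    scanners = sorted(s for s, p in ports_by_src.items() if len(p) >= scan_ports)
    return {"by_service": by_service, "scanners": scanners, "unparsed": unparsed}

if __name__ == "__main__":
    print(digest(SAMPLE_LOG))
```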


