Re: Help. My system cracked and used to spam

To: "David Teague" <teague@jackson.main.nc.us>
Cc: <debian-user@lists.debian.org>
Subject: Re: Help. My system cracked and used to spam
From: "Paul Smith" <pausmith@nortelnetworks.com>
Date: 09 Aug 2002 00:24:49 -0400
Message-id: <[🔎] p5lm7g8xri.fsf@lemming.engeast.baynetworks.com>
Reply-to: "Paul Smith" <pausmith@nortelnetworks.com>
In-reply-to: <[🔎] 01ec01c23f58$af75cc80$8806fea9@Gandalf>
References: <[🔎] 20020808192410.GA1970@leeds> <[🔎] Pine.LNX.4.21.0208082320450.18715-100000@sol.cs.wcu.edu> <[🔎] 20020809133943.A1481@chrisk.sw.oz.au> <[🔎] 01ec01c23f58$af75cc80$8806fea9@Gandalf>

%% "David Teague" <teague@jackson.main.nc.us> writes:

  dt> It is a stock 2.0 install from CDs with Exim installed and setup
  dt> by the scripts. Nothing particular was done to prevent entry.
  dt> What does "Properly locked down" mean?

Ouch.  First and foremost, it means that you've applied all security
updates.  I'm sure there are a number of security holes, some maybe
well-known, in a system that old with no security updates installed.
Go to http://debian.org and take a look at the number of security holes
plugged in just the last month... and 2.0 is years old.

It doesn't have to be an error in your configuration; there are bugs in
the software that can let crackers through even if your configuration is
correct.

Note that Debian 2.0 old enough that no more security updates are being
generated for it, so you want to install a newer version of Debian which
is still supported.  At this point you probably want Woody (since we
don't know exactly how much longer Potato will be supported).

Then, you should add the security updates site to your .deb sources (the
Woody install asks if you want to do this--say yes!)  Optionally you can
install software that will automatically download security updates and
notify you about them.

Also, you should subscribe to the debian-security mailing list so you
get notified when security holes are fixed.

And finally, you should install the security updates as soon as possible
after they're released.


That's just to protect yourself from bugs in software.  It doesn't
discuss what "bugs" you may have in your configuration of the software
that could let crackers in.  In general the rule is (a) don't install or
enable any software, especially network software, on your system you
don't need, and (b) use a firewall of some kind to restrict access to
your network or system except on the specific ports which require it.
We can't know what those are unless we know what services you need to
provide from the server.

-- 
-------------------------------------------------------------------------------
 Paul D. Smith <pausmith@nortelnetworks.com> HASMAT--HA Software Mthds & Tools
 "Please remain calm...I may be mad, but I am a professional." --Mad Scientist
-------------------------------------------------------------------------------
   These are my opinions---Nortel Networks takes no responsibility for them.

Reply to:

Follow-Ups:
- Several good suggestions Re: Help. My system cracked and used to spam
  - From: "David Teague" <teague@jackson.main.nc.us>

References:
- Re: should . be followed by doublespace?
  - From: David Jardine <david@jardine.de>
- Help. My system cracked and used to spam
  - From: David Teague <dbt@cs.wcu.edu>
- Re: Help. My system cracked and used to spam
  - From: Chris Kenrick <chrisk@aurema.com>
- Re: Help. My system cracked and used to spam
  - From: "David Teague" <teague@jackson.main.nc.us>

Prev by Date: How to use "dpkg -i" properly? (How to find missing packages?)
Next by Date: How to config AC97 Intel modem - woody & kernel 2.4.18?
Previous by thread: Re: Help. My system cracked and used to spam
Next by thread: Several good suggestions Re: Help. My system cracked and used to spam
Index(es):
- Date
- Thread