
Re: crack traces in /var ?

On Fri, 25 Jul 2003, Andreas von Heydwolff wrote:

> [ Snip most details of computer setup and getting cracked ]

When you install a system, unless it's absolutely necessary, install it
from behind a firewall.

Then, before you set up any sort of firewall on the machine, start 
disabling ports - most servers can be configured to listen to only 
the local loopback device or the internal network.  Even without a 
firewall, your system should be secure.  (Hint:  'listen', 'bind', 
'allow from', 'interface', etc in config files to limit what device 
the server listens to, and xinetd to limit those services that 
traditionally start from inetd.)

Your goal is to be able to scan your machine (via nmap), and find 
no unnecessary service listening to the outside interface.  

Then, build up your firewall scripts.

Connect to the internet and do all the security updates.

Finally, use a security scanner from outside your machine (I 
believe that http://www.grc.com has one [about the only thing 
the site's good for, IMHO]).

You don't want your security system to consist solely of your 
firewall - firewalls are supposed to supplement your defense!

Just my $.02

~ Jesse Meyer

         icq: 34583382 / msn: dasunt@hotmail.com / yim: tsunad

   "We are what we pretend to be, so we must be careful about what we 
    pretend to be." - Kurt Vonnegut Jr : Mother Night
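
The check described in the message above (no unnecessary service listening on the outside interface) can also be run from the machine itself, alongside the nmap scan. This is an added example, not part of the original post: it decodes a `/proc/net/tcp`-format table and lists LISTEN sockets that are not bound to loopback. The sample table, the function names and the `expected_ports` parameter are assumptions made for illustration.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp layout (IPv4 only); not from the original post.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0A00A8C0:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 1003
   3: 0100007F:0CEA 0100007F:9C40 01 00000000:00000000 00:00000000 00000000   105        0 1004
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port).

    Assumes a little-endian host (x86, most ARM), where the kernel prints
    the address as a host-order 32-bit word.
    """
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def listeners(table_text):
    """Return (ip, port) for every socket in LISTEN state."""
    result = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue  # established or otherwise non-listening sockets
        result.append(decode_endpoint(cols[1]))
    return result


def exposed_listeners(table_text, expected_ports=frozenset()):
    """Listeners reachable beyond loopback, minus ports offered on purpose."""
    exposed = []
    for ip, port in listeners(table_text):
        if ipaddress.ip_address(ip).is_loopback or port in expected_ports:
            continue
        exposed.append((ip, port))
    return sorted(exposed, key=lambda e: e[1])


if __name__ == "__main__":
    for ip, port in exposed_listeners(SAMPLE, expected_ports={22}):
        print(f"listening beyond loopback: {ip}:{port}")
```

On a live Linux system, pass the contents of `/proc/net/tcp` instead of `SAMPLE`; a wildcard bind (`0.0.0.0`) is reported because it accepts connections on every interface, including the outside one.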
