
Re: crack traces in /var ?



Jesse Meyer wrote:
> On Fri, 25 Jul 2003, Andreas von Heydwolff wrote:


> [ Snip most details of computer setup and getting cracked ]


> When you install a system, unless it's absolutely necessary, install it
> from behind a firewall.
>
> Then, before you set up any sort of firewall on the machine, start disabling ports - most servers can be configured to listen to only the local loopback device or the internal network. Even without a firewall, your system should be secure. (Hint: 'listen', 'bind', 'allow from', 'interface', etc. in config files to limit what device the server listens to, and xinetd to limit those services that traditionally start from inetd.)

I was a bit sloppy on this - my previous install was better in that respect.

> Your goal is to be able to scan your machine (via nmap), and find no unnecessary service listening to the outside interface.

Is running nessus from within aimed at eth0 with the outside IP address equivalent? This is what I did earlier.

> Then, build up your firewall scripts.
>
> Connect to the internet and do all the security updates.

A secured Woody as the firewall box should make it viable to run SID inside the network again, wouldn't it?

> Finally, use a security scanner from outside your machine (I believe that http://www.grc.com has one [about the only thing the site's good for, IMHO]).

grc.com is a good start.

http://check.lfd.niedersachsen.de/start.php is more comprehensive, provided by the Data Protection Registrar of the federal state of Niedersachsen in Germany.

(For those who want to use it: The first button is to confirm that the displayed IP address is indeed yours, the second button starts the test. Page two displays three buttons in the top row "start self-test", "stop ..." and "... WITHOUT ("ohne") SSL" and you can select only a phase 1, 2 or 3 with the buttons beneath.)

BTW, "TIP", the ZIP cartridge testing program from grc.com is excellent. It checks and if necessary disables flakey sectors on ZIP disks, moving data to the 10% spare sectors provided on disks for this purpose by Iomega. Needs to be run from Windows though.

> You don't want your security system to consist solely of your firewall - firewalls are supposed to supplement your defense!
>
> Just my $.02
>
> ~ Jesse Meyer

Thanks, Jesse.
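The check Jesse recommends above, confirming that no unnecessary service listens on the outside interface, as an added shell example that is not part of this thread: it parses `ss -Hltun` output and prints every listening socket not bound to a loopback address. The sample lines and the function names are constructed for illustration, not taken from a real host.

```shell
#!/bin/sh
# Added example (not from the original thread): list listening TCP/UDP
# sockets that are reachable from other hosts, i.e. bound to a wildcard
# or non-loopback address. Input format is that of `ss -Hltun`
# (no header, listening sockets, tcp+udp, numeric addresses):
#   Netid State Recv-Q Send-Q Local:Port Peer:Port
# The data below is constructed sample output, not a real machine.
SAMPLE_SS='tcp   LISTEN 0  128  127.0.0.1:25      0.0.0.0:*
tcp   LISTEN 0  128  0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0  128  192.168.1.10:3306 0.0.0.0:*
tcp   LISTEN 0  128  [::1]:631         [::]:*
tcp   LISTEN 0  128  [::]:80           [::]:*
udp   UNCONN 0  0    0.0.0.0:111       0.0.0.0:*'

# exposed_listeners: read ss-style lines on stdin, print "proto local:port"
# for every socket whose bind address is NOT loopback (127/8 or ::1).
exposed_listeners() {
    awk '{
        proto = $1
        local = $5
        addr = local
        sub(/:[0-9*]+$/, "", addr)   # strip the trailing :port
        gsub(/\[/, "", addr)         # drop IPv6 brackets
        gsub(/\]/, "", addr)
        if (addr ~ /^127\./ || addr == "::1") next
        print proto " " local
    }'
}

# count_exposed: number of non-loopback listeners in the constructed sample.
count_exposed() {
    printf '%s\n' "$SAMPLE_SS" | exposed_listeners | wc -l | tr -d ' '
}

# On a live Debian host:  ss -Hltun | exposed_listeners
# With the constructed sample (prints the four externally bound sockets):
printf '%s\n' "$SAMPLE_SS" | exposed_listeners
```

This is the host-local half of the check; the nmap scan from outside that Jesse mentions is still needed, since only an external scan shows what the firewall in front of the box actually passes.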
