What to turn off in Solaris 2.x
Any service in rc2.d or rc3.d that isn't need (i.e., S73nfs.client,
S15nfs.server, S71rpc) can be disabled by appending no_ to the front of the
file name.
Any service in /etc/inetd.conf that's not needed (i.e., talk, finger,
name, comsat, uucp,exec, shell, tftp) can be disabled by commenting them
out.
It's also not a bad idea to disable the in.routed routing process (also
in.rdisc).
Looking forward to comment from others.
> -----Original Message-----
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, June 10, 1999 11:30 PM
> To: gill
> Cc: Firewalls list
> Subject: Re: Why not FireWall-1 on NT?
>
> I am sure if enough companies were committing to Apple IIe as the platform
> of choice for all systems that vendors would alter their products to run
> in
> that environment. CheckPoint is simply following a market trend and
> ensuring the continued revenue stream from their firewall products. That
> they provide a system for NT does not indicate that the OS is secure, it
> simply indicates that the OS is popular.
>
> I have spent a lot of time in NT and I think it can be secured. I feel
> the
> issue of NT vs. Unix comes into play when you compare what level of
> service
> can be provided from a well-secured NT system versus a well-secured Unix
> system.
>
> Several contributors to the discussion have mentioned services they would
> turn off or remove to secure any particular OS. I think it would be
> informative to hear from everyone about what services to kill on each OS
> to
> secure it for firewall use. At the very least we might actually get some
> detail (you know, technical details...) involved in the discussion rather
> than conjecture and the ocassional religious outburst ;-).
> --------------------------------------------
> Andrew Walls, IT Security Analyst, BankWest
> 40 Frame Ct., Leederville, WA, 6007, Australia
> 61-8-9449-3787, FAX 61-8-9449-3795 Mobile 0419926368
> PGP Fingerprint: E0F7 296E D6D5 6057 1E1D F61B 2602 CB8A
>
>
> ---------------------------------------- Message History
> ----------------------------------------
>
>
> From: "gill" <[EMAIL PROTECTED]> on 11/06/99 04:21
>
> To: "Firewalls list" <[EMAIL PROTECTED]>
> cc: (bcc: Andrew Walls/PRS/SS/BankWest)
>
> Subject: Why not FireWall-1 on NT?
>
>
>
>
>
> CheckPoint's FireWall-1 is sold to run on the following platforms:
>
> HP-UX 10.x
> AIX 4.2.1 and 4.3.0
> Solaris 2.5 and higher
> Windows NT Server 4.x Service Pack 3.01 (Intel-based only)
>
> It has been my experience that the majority are installed on Solaris and
> NT
> boxes.
>
> My question for this discussion is this: why would CheckPoint take
> FireWall-1 to NT? It seems that they are the commercial software firewall
> leaders in the marketplace. Why would they risk jeopardizing their
> product
> and their reputation by selling a product to be built on top of an OS that
> isn't (or can't be made to be) secure?
>
> This reasoning does not lead me to believe that the NT OS is an inherently
> secure one, but it does lead me to believe even more strongly that the NT
> OS
> *can* be made secure and that the real important factor is the
> installation
> and administration ... a point that has been made several times through
> the
> course of this discussion.
>
> --gill
>
> =====================================
> James Gill * http://www.topsecret.net
> =====================================
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
>
>
>
>
> __________________________________________________________________________
> _____
> Unencrypted electronic mail is not secure and may not be authentic.
> If you have any doubts as to the contents please telephone to confirm.
>
> This electronic transmission is intended only for those to whom it is
> addressed. It may contain information that is confidential, privileged
> or exempt from disclosure by law. Any claim to privilege is not waived
> or lost by reason of mistaken transmission of this information.
> If you are not the intended recipient you must not distribute or copy this
> transmission and should please notify the sender. Your costs for doing
> this will be reimbursed by the sender.
> __________________________________________________________________________
> _____
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
