> solution. The good news is that RH 7.1 has apparently taken steps, in
> 7.1, to correct this, so there is hope that it will ultimately be
> corrected or at least mitigated by the "distributions". The company I
This is correct. I installed 7.1 in VMware to poke around the default
installation and see if there are any holes or insecure binaries, and my
mouth almost dropped when a screen popped up during the installation that
lets you pick your type of security "high", "medium" or none. Not only that,
but it gives you a list of interfaces that you can check off that are
"trusted", so if you have eth1 on an internal network that you want all
traffic to go through, all you have to do is check it off. Along with the
trusted interface, they have 6 ports which you can also check off to allow
connections to. I dont remember off the top of my head, but I think it was
ssh, www, ftp, etc, plus you can also enter in port numbers, incase you have
a service running on an obscure port number.
While having tools configure your security isnt as good as you taking the
time learning iptables/ipchains, its defaintely a start. Hopefully most
people will select high security (I did during the install, and when I
nmap'd my box, it couldnt see any open ports), but you can only take
automated security so far. If someone chooses high security, but leaves
their ftp port open, and someone finds another wu-ftp bug, then they are
screwed, no matter how much they have locked down their other ports.
---------------
Tony Lambiris [[EMAIL PROTECTED]]
PC Support Specialist
P: 603-324-3000 x 234
C: 603-759-8384
"Microsoft doesn't believe in free() code."
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
