sorry.
This is the setup: remote user will be telneting the sco server.
sco--------linux w/ 2 nic-------ISP-------internet-------remote user
If i'll be using ssh, then we have to add ssh server on the sco, right?. all
i have to do is permit port 22 on the linux to a specific network. problem
is, it's not the only sco that we need to telnet, there are switches pa. :-(
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 23, 2000 4:41 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [plug] OT: Firewall Policy Rules
>
>
>
> No, you need to use ssh instead of telnet.
>
> Using telnet still allows your network traffic to be captured and
> easily be read even if they are outside of the firewall.
>
> Ambo
>
> On Thu, 23 Mar 2000, Ronneil Camara wrote:
>
> > I'm running ipchains on a dual homed linux server. I'm
> using trinity's
> > ipchain rules. I asked this question because I've read an
> article that
> > packet filtering isn't good. We know for a fact that
> stateful inspection is
> > really good. And right now, project is still being develop
> for stateful
> > inspection.
> >
> > my setup:
> > eth0 - internal interface
> > eth1 - external interface
> > ip spoofing enabled,
> > patched redhat 6.1
> > and I've only allowed a specific network to telnet in
> coming from the
> > external interface.
> > inetd.conf already edited with minimal running services.
> > hosts.allow and hosts.deny already edited with ALL:ALL in hosts.deny
> > securetty also edited
> > no anonymous logins
> > and removed some r_x permissions for world in executables
> >
> > Is this secure enough?
> >
> > -
> > Philippine Linux Users Group. Web site and archives at
http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
-
Philippine Linux Users Group. Web site and archives at
http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
-
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
