On Sun, 14 Jan 2001, Bill Johnson wrote:
> I'm running PortSentry on my RedHat 7 box. Is this sufficient to protect
> this standalone PC from most problems that might occur with an always on
> cable modem connection?

Not really. PortSentry is only going to alert you that someone is port
scanning your box - and depending on how sly they are, and how paranoid
portsentry is configured to be, not even that. Any port sentry only watches
on ports that aren't actually in use. If you run wuftp for instance, and I
am looking only for vulnerable ftp servers, then I could tap your port 21 and
break in and port sentry would be none the wiser.

Port sentry is just a sort of early warning system. You don't just want to
detect when people access things, you need to make sure they aren't there to
be accessed. At the very least you want to disable anything you're not
using, ftp, telnet, in.rshd, finger, named etc. etc. etc. and block off the
rest with ipchains. Where possible restrict things to only binding to the
loopback interface (especially true for a stand alone PC.) Wrap the rest
in tcp wrappers. Abacus (the folk who make port sentry) also make a log
watcher. That's generally a good idea too.

Security's kinda a never ending process so it would be misleading of me to
try to give you a recipe of how to lock down your box. Of course we can help
you with anything specific. :) http://www.linuxsecurity.com have a pretty
good site to give you a feel for things, possibly start with the
comp.os.linux.security FAQ at http://www.linuxsecurity.com/docs/colsfaq.html

> Forgive me for the off topic post, but this group usually provides great
> answers so I thought I'd run it by you.

*shrug* - not getting rooted isn't that far off topic. ;)

M.
--
WebCentral Pty Ltd Australia's #1 Internet Web Hosting Company
Level 1, 96 Lytton Road. Network Operations - Systems Engineer
PO Box 4169, East Brisbane. phone: +61 7 3249 2583
Queensland, Australia. pgp key id: 0x900E515F
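
An added example, not part of the original message: one way to audit the advice above about disabling unused services and binding the rest to loopback is to list the TCP listeners in /proc/net/tcp and flag any not bound to 127.0.0.0/8. The sample table is constructed, the function names are hypothetical, and a little-endian (x86) host is assumed.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0 0 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 0 0 0
   2: 0500A8C0:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1 0 0 0
   3: 0500A8C0:8012 0A00A8C0:0050 01 00000000:00000000 00:00000000 00000000   500        0 1004 1 0 0 0
"""

TCP_LISTEN = 0x0A  # kernel state code for a listening socket


def parse_listeners(text):
    """Return sorted (ip, port) pairs for sockets in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue  # skip established connections and malformed rows
        hex_ip, hex_port = fields[1].split(":")
        # Assumption: little-endian host, so the hex word is byte-swapped
        # relative to dotted-quad order (0100007F is 127.0.0.1).
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        listeners.append((ip, int(hex_port, 16)))
    return sorted(listeners)


def exposed_listeners(text):
    """Listeners reachable from the network, i.e. not bound to 127.0.0.0/8."""
    return [(ip, port) for ip, port in parse_listeners(text)
            if not ip.startswith("127.")]


if __name__ == "__main__":
    for ip, port in exposed_listeners(SAMPLE_PROC_NET_TCP):
        print(f"listening on {ip}:{port} - disable it, firewall it or bind to loopback")
```

To check a live Linux box, pass the contents of /proc/net/tcp to exposed_listeners() instead of the sample.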