[1842] in linux-security and linux-alert archive
[linux-security] Services not required?
daemon@ATHENA.MIT.EDU (Stephen Costaras)
Tue Jun 9 01:58:28 1998
From: "Stephen Costaras" <stevecs@chaven.com>
To: <linux-security@redhat.com>
Date: Mon, 8 Jun 1998 14:44:04 -0500
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
I'm in the process of locking down as much of my systems here
as possible as to available ports. I am down to only a handful
but am not sure how much of a security risk they pose and was
wondering if anyone here might be able to comment, or suggest
secure versions to run:
21/FTP (WU-ftpd v2.4.2 BETA 14)
22/SSH (1.22)
23/TELNET (Netkit 0.09)
25/SMTP (Sendmail v8.8.7)
49/TACACS (TACACS_Plus v4.0.2 BETA/Cisco)
53/DNS (BIND v8.1.2)
80/HTTP (Apache v1.2.6 - upgrading to v1.3.0)
110/POP3 (Katie Steven's v1.016)
111/RPC (Netkit 0.09)
113/IDENTD (????)
669/MOUNTD (RPC/Linux Userspace NFS server v2.2beta29)
2049/NFS (RPC/Linux Userspace NFS server v2.2beta29)
6669/APCUPSD (UPS Monitoring, read-only from UPS server, already sent
letter to author for security info).
On servers that have no need for the above ports (ie, telnet, tacacs, pop3,
et al) they are disabled. My main concerns are based on the assumption
that someone might gain access to the local subnet, which protocols
would be sniffable/hackable/et al?
Stephen Costaras,
stevecs@chaven.com
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null