[1846] in linux-security and linux-alert archive
[linux-security] Re: Services not required?
daemon@ATHENA.MIT.EDU (Linux Mailing Lists)
Tue Jun 9 08:36:09 1998
Date: Tue, 9 Jun 1998 14:15:50 +0200 (MET DST)
From: Linux Mailing Lists <linux@aiind.upv.es>
To: linux-security@redhat.com
In-Reply-To: <Pine.LNX.3.95.980609030431.350A-100000@comanche.wildstar.net>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
Hello!
> > 21/FTP (WU-ftpd v2.4.2 BETA 14)
Sounds secure, but sniffable.
> > 22/SSH (1.22)
Could replace telnet. Perhaps also ftp, but only between UNIX machines (I
think there isn't a 'scp' port for non-unix OS's).
Latest version is 1.2.23 and fixes some bugs.
> > 23/TELNET (Netkit 0.09)
Good version, but sniffable service.
> > 25/SMTP (Sendmail v8.8.7)
Could upgrade to sendmail 8.9.0 (and if you can, use tcp-wrapper to only
allow your main 'trusted' mailhost of your subnet to send mail to you).
> > 80/HTTP (Apache v1.2.6 - upgrading to v1.3.0)
Nice idea to upgrade it ;)
> > 110/POP3 (Katie Steven's v1.016)
I don't know if that version is secure, but it's a sniffable service.
[Another reply to this mail :]
> The most non-secure services are the r services, and those aren't much at
> risk if you're not running a version with security holes. But I don't see
> why you would actually need to run all of them. Ssh could replace telnet,
> you don't need identd unless you go on IRC, as for mail, you should check
> sendmail alternatives. Oh and firewalling ports is still the best
> solution. Unless you need to NFS with someone across the country, you
> should firewall it for outside users.
Nothing to say about your advice, but I encourage people to use identd
whenever it's possible. It's always nice to know which remote user is
trying to access your system. In case of a problem you know who to point
your finger at ;) I think it's possible to fool that service, but...
The best solution when you're worried about sniffers is to use as many
encrypted services as possible (either SSH or SSL), the problem is that
Winblows/DOS/Mac haven't got many ports of those utilities. For example, I
think there's an SSL version of the pop3 server, but you won't be able to
find an SSLPOP3 client for Windows (AFAIK). I think that Unix systems are
getting more and more secure, but to be "windows compatible" we must use
stupid non-secure protocols :(
Greetings,
Sergio
PS: Please excuse my English :)
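
Added example, not part of the original mail: a small audit of an inetd.conf-style file that flags the cleartext ("sniffable") login services and r services discussed in this thread and shows whether each is started through tcp-wrappers. The function names `audit_inetd` and `sample_conf` and the sample entries are constructed for illustration; the classic inetd.conf field order and a wrapper binary named `tcpd` are assumed.

```shell
#!/bin/sh
# Added example, not from the original mail.
# Assumes the classic inetd.conf field order:
#   service socktype proto wait user server-program args...
# and that tcp-wrappers is installed as a program named "tcpd".

# Reads inetd.conf text on stdin; prints "service class wrapped|unwrapped".
# "wrapped" only means hosts.allow/hosts.deny can limit who connects;
# the traffic of a cleartext service stays sniffable either way.
audit_inetd() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }   # skip comments, blank and short lines
        {
            cls = ""
            if ($1 ~ /^(ftp|telnet|pop-3|pop3)$/)    cls = "cleartext-login"
            else if ($1 ~ /^(shell|login|exec)$/)    cls = "r-service"
            if (cls == "") next          # not a service class from the thread
            n = split($6, path, "/")     # basename of the server program
            print $1, cls, (path[n] == "tcpd" ? "wrapped" : "unwrapped")
        }'
}

# Constructed sample input (not taken from any real host).
sample_conf() {
cat <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd        in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/in.telnetd  in.telnetd
pop-3   stream  tcp  nowait  root    /usr/sbin/tcpd        ipop3d
shell   stream  tcp  nowait  root    /usr/sbin/in.rshd     in.rshd
auth    stream  tcp  nowait  nobody  /usr/sbin/in.identd   in.identd
#login  stream  tcp  nowait  root    /usr/sbin/tcpd        in.rlogind
EOF
}

# Demo on the constructed sample; on a real host: audit_inetd < /etc/inetd.conf
sample_conf | audit_inetd
```

Entries reported as `unwrapped` are the first candidates for removal, replacement with SSH, or at least a `tcpd` wrapper plus a firewall rule.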