[1864] in linux-security and linux-alert archive


[linux-security] Re: Services not required?

daemon@ATHENA.MIT.EDU (Stephen Costaras)
Sun Jun 14 06:20:27 1998

From: "Stephen Costaras" <stevecs@chaven.com>
To: <linux-security@redhat.com>
Date: Tue, 9 Jun 1998 17:57:24 -0500
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com


-----Original Message-----
From: Andrew Frolov <dron@ilm.net>
To: linux-security@redhat.com <linux-security@redhat.com>
Date: Tuesday, June 09, 1998 8:54 AM
Subject: [linux-security] Re: Services not required?


>> > > 22/SSH        (1.22)
>>
>> Could replace telnet. Perhaps also ftp, but only between UNIX machines (I
>> think there isn't a 'scp' port for non-unix OS's).
>>
>> Latest version is 1.2.23 and fixes some bugs.
>>
>> > > 23/TELNET     (Netkit 0.09)
>>
>> Good version, but sniffable service.
>>
>
>JUST CLOSE TELNET SERVICE!
>Force your users to use ssh - there are already 2 clients for windows,
>aik: SecureCRT and SSH for Windows.


Unfortunately we have Cisco 2511's used for terminal servers (dialup
modems).  Not all clients can use PPP so some have to be able to telnet
into the system from the Cisco's.  I have not been able to find anything
that would offer a secure channel from the Cisco's to the Unix host (like
an ssh for the Cisco's).  If something like that was available I would
disable telnet in a second.

All 'r' services have long been disabled and removed from the systems,
so the only remote holes are the ones that I listed before (or whatever
can go across those ports).

Someone mentioned an SSL version of POP3; does an SSL POP3d exist for Linux?
Anyone know the URL?

Also, NFS, does anyone know if secureNFS was ever ported to Linux?

Sendmail I'm in the process of upgrading to 8.9, I looked at Qmail and
others but am not yet comfortable that they are as robust as sendmail is.
True, sendmail has been hacked a bit in the past, but the fact that it has
been hacked lets me know that those holes were patched.  Qmail has not
been hacked (that I know of) and that gets me a little edgy.  I don't know
of any system that is 100% bug free.

Steve
