[96118] in RedHat Linux List

home help back first fref pref prev next nref lref last post

Re: Security for (SOHO) Newbies

daemon@ATHENA.MIT.EDU (John Lewis)
Sat Oct 24 08:01:20 1998

Date: Thu, 22 Oct 1998 23:11:12 +0100
From: John Lewis <jayell@mcmail.com>
To: redhat-list@redhat.com
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com

From: Mike Johnson <Mike.Johnson@GSC.GTE.Com>

> >
> >Most of the questions on security issues are asked by Network Administrators.
> >What, if any, problems are lurking for the (SOHO) user 
> 
> Well, you really should be securing your system like a network admin.  The
> only difference is you don't have to worry as much about problems from
> local users.  Basically, your first step is to become paranoid.  Assume
> that your network traffic is being sniffed at any point between you and
> your destination.  -Never- submit credit card info over anything less than
> a 128bit SSL session.  Assume that you'll be hit with a random port scan
> periodically (usually, crackers will scan a class C network, and if you
> happen to be online at the time...).

I think I have got the 128bit stuff sorted by applying Fortify to Netscape.
 
> >Is there any risk of someone gaining access to the system, it seems
> unlikely >but I would like to be sure. I suppose the risk is greater the
> longer on line, >to newsgroups for example.
> 
> If someone manages to grab control of your system while you're online, and
> hides themselves well enough, your machine is compromised, be it online,
> or not.  They could add all sorts of scripts that operate while you are
> offline, then when you reconnect, a script to let the cracker know your
> new IP address.
> 
> >What, if anything, should be removed from the system to make it more
> secure >and what sort of modifications should be made to config files for
> services,

> Check out:
> http://scrye.com/~kevin/lsh/Security-HOWTO.html
> http://www.ecst.csuchico.edu/~jtmurphy/
> http://www.best.com/~aturner/RedHat-FAQ/
> 
> In those you'll find some good pointers (I'm sure there's more, but that's
> what I came up with).  First thing you need to do is open up /etc/hosts.deny
> and type, on a line by itself, ALL : ALL.  Next, open /etc/hosts.allow and
> add ALL : LOCAL.  That'll protect you from a log of things.  For more tips,
> read the Security-HOWTO.  Removing sendmail might be a good idea, assuming
> you use your ISP's mail server to send mail.  pine and elm aren't really
> a problem as they only operate locally.  Next, open up /etc/inetd.conf and
> comment out -everything-.  Since you said that you are the only one that
> uses your machine, and I assume you don't telnet into your box, that'll
> also close a lot of holes.  Restat inetd with
> /etc/rc.d/init.d/inet restart
> 
> You'll need to keep up on RedHat errata updates, too.  Welcome to the world
> of Linux security...
> 
Thanks Mike - just the sort on info I needed to get me pointed in the right
direction.


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
		http://www.redhat.com http://archive.redhat.com
         To unsubscribe: mail redhat-list-request@redhat.com with 
                       "unsubscribe" as the Subject.


home help back first fref pref prev next nref lref last post