[96118] in RedHat Linux List
Re: Security for (SOHO) Newbies
daemon@ATHENA.MIT.EDU (John Lewis)
Sat Oct 24 08:01:20 1998
Date: Thu, 22 Oct 1998 23:11:12 +0100
From: John Lewis <jayell@mcmail.com>
To: redhat-list@redhat.com
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
From: Mike Johnson <Mike.Johnson@GSC.GTE.Com>
> >
> >Most of the questions on security issues are asked by Network Administrators.
> >What, if any, problems are lurking for the (SOHO) user
>
> Well, you really should be securing your system like a network admin. The
> only difference is you don't have to worry as much about problems from
> local users. Basically, your first step is to become paranoid. Assume
> that your network traffic is being sniffed at any point between you and
> your destination. -Never- submit credit card info over anything less than
> a 128bit SSL session. Assume that you'll be hit with a random port scan
> periodically (usually, crackers will scan a class C network, and if you
> happen to be online at the time...).
I think I have got the 128bit stuff sorted by applying Fortify to Netscape.
> >Is there any risk of someone gaining access to the system, it seems
> unlikely >but I would like to be sure. I suppose the risk is greater the
> longer on line, >to newsgroups for example.
>
> If someone manages to grab control of your system while you're online, and
> hides themselves well enough, your machine is compromised, be it online,
> or not. They could add all sorts of scripts that operate while you are
> offline, then when you reconnect, a script to let the cracker know your
> new IP address.
>
> >What, if anything, should be removed from the system to make it more
> secure >and what sort of modifications should be made to config files for
> services,
> Check out:
> http://scrye.com/~kevin/lsh/Security-HOWTO.html
> http://www.ecst.csuchico.edu/~jtmurphy/
> http://www.best.com/~aturner/RedHat-FAQ/
>
> In those you'll find some good pointers (I'm sure there's more, but that's
> what I came up with). First thing you need to do is open up /etc/hosts.deny
> and type, on a line by itself, ALL : ALL. Next, open /etc/hosts.allow and
> add ALL : LOCAL. That'll protect you from a log of things. For more tips,
> read the Security-HOWTO. Removing sendmail might be a good idea, assuming
> you use your ISP's mail server to send mail. pine and elm aren't really
> a problem as they only operate locally. Next, open up /etc/inetd.conf and
> comment out -everything-. Since you said that you are the only one that
> uses your machine, and I assume you don't telnet into your box, that'll
> also close a lot of holes. Restat inetd with
> /etc/rc.d/init.d/inet restart
>
> You'll need to keep up on RedHat errata updates, too. Welcome to the world
> of Linux security...
>
Thanks Mike - just the sort on info I needed to get me pointed in the right
direction.
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com http://archive.redhat.com
To unsubscribe: mail redhat-list-request@redhat.com with
"unsubscribe" as the Subject.