Re: [TCLUG:5793] security

To: tclug-list@listserv.real-time.com
Subject: Re: [TCLUG:5793] security
From: Eric Edgar <edga0010@tc.umn.edu>
Date: Tue, 4 May 1999 09:19:27 -0500
In-Reply-To: <Pine.BSF.3.96.990504074632.11293A-100000@chemsun.chem.umn.edu>; from Tim Wilson on Tue, May 04, 1999 at 08:03:19AM -0500
References: <Pine.BSF.3.96.990504074632.11293A-100000@chemsun.chem.umn.edu>

On Tue, May 04, 1999 at 08:03:19AM -0500, Tim Wilson wrote:
> Good morning everyone,
> 
> I've been thinking about security on my server lately. I've realized that
> I really need to get up to speed on security issues before my system gets
> cracked. I've been reading some docs on the subject, but I thought the
> entire list might benefit from this question. (Incidentally, I suppose
> this would be a good topic for the FAQ-O-matic, but I was having trouble
> figuring out how to use it. It didn't seem to want to accept my password.)
> 
> Let's assume that you've got a newly installed Linux system on a
> brand-spankin'-new server. RedHat for example. Let's say that this machine
> will be a file server on a LAN with a mixture of Win9x/NT and Linux
> client. You will also be running a web server, ftp server, and would like
> to allow remote access from home for administration purposes. Once the
> system is installed, what steps should you take to secure the system?
> 
> Let's contribute a list of steps, put them into some order, and place it
> on the TCLUG website or in the FAQ-O-matic. Here are some initial
> suggestions (incomplete, and in no particular order).
> 
> 1. Install SSH on the server. Go to
> ftp://ftp.replay.com/pub/crypto/crypto/SSH/ to download SSH.
> 
> 2. Make sure you install TCP Wrappers to make some rules for allowing and
> disallowing access to services.
> 
> 3. Read the Security-HOWTO at the Linux Documentation Project website
> (http://metalab.unc.edu/mdw/linux.html)
> 
> 4. Read the Linux Administrators Security Guide at
> http://www.seifried.org/lasg/
> 
> Well that's a small start. Would others of you be interested in adding
> your $0.02?
> 
> -Tim
> 
> --
> Timothy D. Wilson			"A little song, a little dance,
> University of MN, chem. dept.		a little seltzer down your 
> wilson@chem.umn.edu			pants."   -Chuckles the Clown
> Phone: (612) 625-9828                       as eulogized by Ted Baxter
> 

Thats a good start.  Now remember to disable any ports that your not using.  If you decide to run a ftp server make sure it is a secure variety. Like sftpd etc.  Other wise there is not point in running ssh because the ftp passwords are sent via clear text.

Eric








> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@listserv.real-time.com
> For additional commands, e-mail: tclug-list-help@listserv.real-time.com
> Try our website: http://tclug.real-time.com

References:
- security
  - From: Tim Wilson <wilson@chemsun.chem.umn.edu>
- security
  - From: Tim Wilson <wilson@chemsun.chem.umn.edu>

Prev by Date: Re: [TCLUG:5689] GUI email apps
Next by Date: Re: [TCLUG:5793] security (some pre-coffee thoughts)...
Prev by thread: RE: [TCLUG:5793] security (some pre-coffee thoughts)...
Next by thread: SSH and NFS
Index(es):
- Date
- Thread