The UNIX and Linux Forums  

  #5 (permalink)  
Old 05-21-2006
tayyabq8
UNIX Hobbyist
 

Join Date: Nov 2004
Location: /World/Asia/MiddleEast/Kuwait/Salmiya
Posts: 513
Hi,

Thanks a lot for your detailed reply. It was more than I expected.

Quote:
Disable ALL unnecessary network services ideally leaving Telnet only.
Following is the only entry which I have in my hosts.allow file:
Code:
in.telnetd: ALL
This means no other service but telnet only.
Quote:
Lock all system accounts except root, of course, restricting root access to the console only.
Enforce a strict password policy with an 8-character minimum length and frequent password changes.
Yeah, I restricted root access to the console only. And the same is the case with the password policy.
Quote:
Isolate your server from the rest of your network. Firewalls work fine but physical isolation is not susceptible to configuration errors. To simplify periodic access to the server, a second interface can be added with a cross-over connection to another server. On your Internet facing system, the interface can be left up while on the cross-over server, bring down the interface when not in use.
PATCHES!! Stay on top of all security patches for your environment. This is most important and most overlooked.
I'll check if I can achieve it.

About ssh, I can't stop my telnet daemon; the users don't use telnet directly. They are using client software, viz. KCML Client. So, if they are directly doing telnet to the system, I can simply replace telnet with ssh. But for the above case, I'll check with my software provider, if they could help me.

Thanks a lot for your help.

Best Regards,
Tayyab
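Added example (not part of the original post or thread): a simplified model of the hosts_access(5) decision order that TCP wrappers apply to the hosts.allow entry quoted above, showing how the result for other wrapped daemons depends on hosts.deny. The daemon name in.ftpd, the client address 10.0.0.5 and the hosts.deny contents are constructed for illustration; only services started through tcpd or linked with libwrap consult these files at all.

```python
# Simplified model of the hosts_access(5) decision order (added example).
# Supported subset: ALL wildcard, exact names/addresses, "192.168.1." prefixes.
# Not handled: EXCEPT, netmasks, LOCAL/KNOWN/UNKNOWN, IPv6, shell commands.

def parse_rules(text):
    """Return a list of (daemons, clients) from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line or ":" not in line:
            continue
        fields = line.split(":")
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules

def daemon_matches(patterns, daemon):
    return any(p == "ALL" or p == daemon for p in patterns)

def client_matches(patterns, client):
    return any(p == "ALL" or p == client or
               (p.endswith(".") and client.startswith(p))
               for p in patterns)

def matches(rules, daemon, client):
    return any(daemon_matches(d, daemon) and client_matches(c, client)
               for d, c in rules)

def decide(allow_text, deny_text, daemon, client):
    """hosts.allow is checked first, then hosts.deny, else access is granted."""
    if matches(parse_rules(allow_text), daemon, client):
        return "granted (hosts.allow)"
    if matches(parse_rules(deny_text), daemon, client):
        return "denied (hosts.deny)"
    return "granted (no rule matched)"

HOSTS_ALLOW = "in.telnetd: ALL\n"   # the entry from the post
DENY_EMPTY = ""                     # constructed: empty hosts.deny
DENY_ALL = "ALL: ALL\n"             # constructed: default-deny hosts.deny

if __name__ == "__main__":
    for deny in (DENY_EMPTY, DENY_ALL):
        for daemon in ("in.telnetd", "in.ftpd"):
            print(repr(deny), daemon,
                  decide(HOSTS_ALLOW, deny, daemon, "10.0.0.5"))
```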