Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: One Question about security
Special Forums Cybersecurity One Question about security Post 302074198 by System Shock on Sunday 21st of May 2006 12:04:40 PM
Old 05-21-2006
Quote:
Originally Posted by hegemaro
The most important thing is to harden your server to the point of paranoia. There are many documents on how this can be achieved but here are a few general suggestions.
  • Disable ALL unnecessary network services ideally leaving Telnet only.
  • Lock all system accounts except root, of course, restricting root access to the console only.
  • Enforce a strict password policy with an 8-character minimum length and frequent password changes.
  • Isolate your server from the rest of your network. Firewalls work fine but physical isolation is not susceptible to configuration errors. To simplify periodic access to the server, a second interface can be added with a cross-over connection to another server. On your Internet facing system, the interface can be left up while on the cross-over server, bring down the interface when not in use.
  • PATCHES!! Stay on top of all security patches for your environment. This is most important and most overlooked.

... none of this will do a lick of difference if you are still using telnet to connect into the network; I can snoop your su - root as good as your login. You have to either encrypt or tunnel -if not both- the original connection. Otherwise, your single point of failure (in this case, single point of risk ) still remains, i.e., the original connection into your network using telnet.

With SSH, the connection into the network is encrypted; not that it can't be hacked, but it'll take governent-type resources to do so. Add the use of keys, where the public key in your server has to match the private key in your user's computer, it makes it that much harder to hack. You add a "security verification" after login, and change the SSH port, it adds to the protection.

Also, even if your users have dynamic IP's, you can still use wrappers to deny connections from outside your users' networks. For example, if you have a user that has 32.1.1.10 right now, chances are, next time his IP refreshes, he's not going to go to say 222.123.321.4, since ISP's have a limited number of IP's - and therefore networks - to work with, so you could accept connections from say 32.1.xx.xx only and reject everything else.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

PostFix security question

I have a Postfix mail server running on my eMac, and been looking at /var/log/mail.log. I am new to administrating a mail server. I notice some servers tried to relay messages to unkown recipients in my server, and my Postfix denied access. The "from" and "rcpt to" look very phony. I did a... (3 Replies)
Discussion started by: fundidor
3 Replies

2. UNIX for Dummies Questions & Answers

UNIX Security Question

Can other users delete / replace this file if the directory and file have the following permissions /test drwxrwxrwx /test/file _rw_r__r__ I guess what I really want to know is what the security riskis of having teh directory completely open when the access to a particular file is... (3 Replies)
Discussion started by: OBCCBIP
3 Replies

3. UNIX for Dummies Questions & Answers

security question

I just wanted to know when dealing with key loggers, What would be a normal routine for searching them out. I really don't know what I am looking for other than odd process. Also packet sniffers. What are signs? (0 Replies)
Discussion started by: blanks
0 Replies

4. UNIX for Dummies Questions & Answers

Question: Unix Security

question deleted, because answered (2 Replies)
Discussion started by: kasa
2 Replies

5. Solaris

Java / SunOS Security question

Hi, I have a question about the Java that comes with the Solaris 9/10 OS. All my boxes are servers, only ssh allowed, no x windows, hardened, firewaled, etc... Their purpose is Oracle DB's and Sun One Dir servers. None of which use the OS version of Java as far as know. Question IS, can... (1 Reply)
Discussion started by: BG_JrAdmin
1 Replies

6. UNIX for Dummies Questions & Answers

Security Question

In an effort to adapt to best security practices, it has been suggested that a number of scripts that are going to be distributed to multiple machines across an internal network use be modified to replace instances of rsh and rcp with openSSH ssh and scp. Since there are so many references to rsh... (1 Reply)
Discussion started by: jasondj
1 Replies

7. Cybersecurity

Security question.

This may seems simple but I am unaware of this. Is there anyway to fetch the date & time of a user ID created on AIX? (actually I need answer for HP-UX,Solaris & Linux as well. But AIX is what I am most interested in.) I use ls command but it does not show the creation date. It just shows the... (2 Replies)
Discussion started by: raj100
2 Replies

8. Cybersecurity

Question on a security package on linux

Hello everyone , I want to implement a new firewall, detection system on my network composed of some 200 computers as follows: The fire wall would be a linux box with router, L7 iptable and also snort as IDPS system. These are my questions: 1. Is there any security consideration regarding... (0 Replies)
Discussion started by: ahmedkamel
0 Replies

9. Cybersecurity

Web hosting security question

Hi, Recently my has been hacked. A .pl script has been uploaded in the root of the directory, which uploaded lot of unwanted files and changed their file permission to 777. I have no clue how did they upload that .pl file in my hosting. Website is in shared hosting. Could they access my web... (3 Replies)
Discussion started by: agriz
3 Replies

10. AIX

AIX IP security question

Recently the network auditor found a security hole at port 50000. The port 50000 is used by db2. When I enter command "netstat -Aan |grep 50000", it showed some established connections and are all db2 processes. I have asked the application team and they answered that the port 50000 connection... (2 Replies)
Discussion started by: skeyeung
2 Replies

LEARN ABOUT DEBIAN

bt-network

bt-network(1)							    bluez-tools 						     bt-network(1)

NAME

       bt-network - a bluetooth network manager

SYNOPSIS

       bt-network [OPTION...]

       Help Options:
	 -h, --help

       Application Options:
	 -a, --adapter=<name|mac>
	 -c, --connect <name|mac> <uuid>
	 -s, --server <gn|panu|nap> <brige>

DESCRIPTION

       This utility is used to manage network services (client/server).  All servers will be automatically unregistered when the application
       terminates.

OPTIONS

       -h, --help
	   Show help

       -a, --adapter <name|mac>
	   Specify adapter to use by his Name or MAC address
	   (if this option does not defined - default adapter used)

       -c, --connect <name|mac> <uuid>
	   Connect to the network device and return the network interface
	   name, uuid can be either one of "gn", "panu" or "nap"

       -s, --server <gn|panu|nap> <brige>
	   Register server for the provided UUID, every new connection to
	   this server will be added the bridge interface

AUTHOR

       Alexander Orlenko <zxteam@gmail.com>.

SEE ALSO

       bt-adapter(1) bt-agent(1) bt-audio(1) bt-device(1) bt-input(1) bt-monitor(1) bt-serial(1)

								    2010-11-22							     bt-network(1)
All times are GMT -4. The time now is 06:47 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy