[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: security issues.....
> i recently read an article in pc answers about security settings on
> pc's....
Heh.
> a website (HTTP://GRC.COM/) CLAIMS TO BE ABLE TO CHECK YOUR PC'S
> SECURITY.
Heh. A second time.
> I THEN CARRIED OUT THE TEST ON PORTS AND FOUND WIN98 TO BE ACCEPTABLE
> BUT LINUX FAILED ON SEVERAL PORTS.....
> PORT 21-FTP
> PORT 23-TELNET
> PORT 79-FINGER
> PORT 110-POP3
POP3 shouldn't be open on a home box. Not a major problem, especially
with an up to date distribution, but unnecessary, so kill it.
FTP, unless you're running a server is likewise. Also several ftpds have
holes in them (notably wuftpd).
Funger gives out a little bit of host info (like kernel version etc.) on most
machines. Some consider this a security risk, but a tool like nmap will
find the same data in a few seconds anyway, so no big deal.
Try finger root [at] localhost to see what you get.
Telnet IMO, unless you really need it should be shutdown (it's for remote
shell access).
To remove services stick a # in front of their entries in /etc/inetd.conf.
Also, if you don't want any remote machines (local network or internet)
connecting to your box, add
ALL: ALL
to /etc/hosts.deny
That may be a little extreme though (anyone think what it may break?).
If you're serious about security buy a good book. I reccommend
Practical Internet and UNIX Security from O'Reilly.
And for a good security checker/scanner, try Nessus. http://www.nessus.org
It's easier than trying to get SATAN working anyway...
> THEY CLAIM MY PC IS VUNERABLE TO UNSOLISETED ACCESS.
>
> I WOULD BE INTERSTED TO HEAR ANYONE'S COMMENTS ON THIS.
Probably, but not easy, especially if you chose good passwords.
> WOULD IT BE PAEANOIA TO CHASE SOLUTIONS TO THESE ACCESS BREACHES?
All UNIX users are paranoid. :)
Start your own FREE mailing list at
© 2000 Microsoft Corporation. All Rights Reserved