Re: [vox-tech] firewall question

[Ted Deppner <teMAPSd@psyber.com>]

On Thu, Jan 03, 2002 at 03:09:12PM -0800, Ricardo Anguiano wrote:
> > is there any reason to open them up?
> 
> Only if you are running something that listens on udp ports.  Check with
> lsof.

<rant_mode=1>

Bad!  Security starts with everything turned off.  You only open what you
need!

There's a lot of crap that netstat -an or lsof will find.  turn off unused
crap in /etc/inetd.conf.  turn off nfs, nfs.statd, rpciod, portmap, etc.
uninstall telnetd, fingerd, pidentd, etc (typical post potato install).
change /etc/hosts.deny to ALL:ALL, add what you need back into
/etc/hosts.allow.

netstat -an until there is *NOTHING* listening and running that you don't
clearly understand and know you need.


There is nothing worse about security than the *assumption* that you're
secure because you made a few passing overatures at securing your box.

Know your box, network, daemons, needs, etc!

</rant mode>  <!-- rand mode=1 blatantly stolen from www.linuxtoday.org -->

Sorry for the rant.  It should serve as a good newbie security intro
though.

-- 
Ted Deppner
http://www.psyber.com/~ted/
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech