LUGOD: Linux Users' Group of Davis
Page last updated:
2005 May 30 22:24
The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

[vox] Basic security issues

Long story short:  last week I ran nmap from my Linux box at work to check for 
open ports on my home network.  One of the ports nmap scanned was 31337.  
Because that's the port that Back Orifice uses, our department's IT -- a 
Microsoft zealot -- decided that someone was trying to hack into our network 
to use Back Orifice on one of our systems.  After demonstrating that because 
the 31337 scan was directed at my own machine and because it coincided 
precisely with the time that I was running nmap and that my home machine is 
not vulnerable to Back Orifice anyway, the IT guy has still decided that 
because of this I should not be allowed to use a Linux workstation at my desk 
(despite the fact that I maintain two Solaris servers and two Linux servers 
as part of my job).  For sanity's sake, I did run a full chkrootkit and 
system log scan on my machine just to make sure it hadn't been compromised.

So just because I'm cantankerous, I want to demonstrate that using a laptop 
running Linux is better for our network than a desktop running Windows.  I've 
already disabled all non-essential services, including sshd.  What other 
steps could I take?  I'm thinking about using IPTABLES to block all outbound 
traffic on ports other than 21, 22, 80, and 110.  And I wonder if it's 
possible to allow traffic on those ports to specific destinations only; for 
example, to allow port 22 to connect only to my home machine and to the 
servers I maintain here at work, or to allow 21 to connect only to our 
hosting provider (who allows only FTP access to our files).  None of this is 
necessary, of course, but, as I said, I'm cantankerous and I have a point to 
prove, dammit.

What are your thoughts?  Suppose this were a Linux laptop that you'd give to a 
company employee?  What services and ports would you allow on it?

-- 
Richard S. Crawford
http://www.mossroot.com

_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox
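
One way to express the per-port, per-destination outbound policy asked about in the post, as an added example that is not part of the original message: a shell function that prints an iptables-restore ruleset. All addresses are constructed placeholders from documentation ranges, and the DNS rule and the names `ALLOW_TCP`, `DNS_SERVER` and `emit_egress_rules` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: default-deny egress with a port:destination allowlist.
# Addresses are constructed placeholders (RFC 5737 documentation ranges).
ALLOW_TCP="
22:192.0.2.10
22:198.51.100.0/28
21:203.0.113.5
110:203.0.113.25
80:0.0.0.0/0
"
# Assumption: one known resolver. Without a DNS rule, name lookups fail.
DNS_SERVER="192.0.2.53"

emit_egress_rules() {
    rules=""
    # Validate every entry before printing anything, so a typo in the
    # allowlist never yields a partial ruleset.
    for pair in $ALLOW_TCP; do
        port=${pair%%:*}
        dest=${pair#*:}
        case "$port" in
            ''|*[!0-9]*) echo "bad port in '$pair'" >&2; return 1 ;;
        esac
        rules="$rules-A OUTPUT -p tcp -d $dest --dport $port -m conntrack --ctstate NEW -j ACCEPT
"
    done
    # INPUT is DROP because the laptop offers no services (sshd is off).
    # FTP data channels only match RELATED if the kernel's FTP
    # connection-tracking helper is loaded.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp -d $DNS_SERVER --dport 53 -m conntrack --ctstate NEW -j ACCEPT
${rules}-A OUTPUT -j LOG --log-prefix "egress-denied: "
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

emit_egress_rules   # prints the ruleset for review
```

After reviewing the output, load it as root with `emit_egress_rules | iptables-restore`; the LOG rule records every denied outbound attempt, which gives the IT department an audit trail.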
