[NCLUG] Two easy? security questions...
J. Paul Reed
preed at sigkill.com
Tue Sep 5 00:13:52 MDT 2000
On Tue, 5 Sep 2000, dobbster wrote:
> I checked out isinglass and I am experimenting with it on a test
> system. Evidently I have a lot of reading to do. :-)
Yeah, firewalling can be a bit tricky to get right; it took me a few times
to get it right.
> Since my server doesn't use IMAP, couldn't I just remove it from the
> /etc/inetd.conf and thus at least avoid that port?
Yeah, and in fact you should do that with all services that you don't know
what they're for and/or don't use.
'netstat -a' can be very helpful for tracking that sort of stuff down.
You'll still want to setup a firewall, since ports like X-windows are
open whenever you're using X...and I happen to like using X on my
workstation, which also happens to be my router.
Commenting services out is the first step, but making it so the ports
actually don't even answer really confuses the script kiddies...at least
the really stupid ones.
Later,
Paul
----------------------------------------------------------------------
J. Paul Reed preed at sigkill.com || web.sigkill.com/preed
If you put a gun to my head and said "Name ten great bands that have
come out in the last 5 years," you'd be wiping my brains off the wall.
-- Trent Reznor
More information about the NCLUG
mailing list