Protection from intruders
Hi,
I'm linked to the internet through a cable modem (Motorola Cyber Surf)
what I would like to know is:
Can I protect myself against potential intruders? What is my level of exposure?
I have a single machine which is my workstation at the end of this install, I never work as root except when needed, root has a complex password, remote login is forbidden for root, "." is not in the root password, that's all for now.
the ISP is supposed to protect my comms between him and me.
I'm looking for any kind of advice.
regards
GH Portefait
-- "Computers are like air conditioners - they stop working properly when you open Windows"
-----BEGIN GEEK CODE BLOCK----- Version: 3.1 GCS/CC d-@ s+:- C++(++++)UL++>++++ P++>++++ L++>+++ E-W+(++) N++ !o K- w !O M(++) V? !PS !PE y+ PGP+++ t+ 5? X R* tv b+ DI? D+ G+++ e+++ h+ r y? ------END GEEK CODE BLOCK------ http://www.geekcode.com
Georges-Henry Portefait wrote:
Hi,
I'm linked to the internet through a cable modem (Motorola Cyber Surf)
what I would like to know is:
Can I protect myself against potential intruders? What is my level of exposure?
I have a single machine which is my workstation at the end of this install, I never work as root except when needed, root has a complex password, remote login is forbidden for root, "." is not in the root password, that's all for now.
the ISP is supposed to protect my comms between him and me.
I'm looking for any kind of advice.
regards
GH Portefait
Comment out any services you don't absolutely need in /etc/inetd.conf and create an /etc/hosts.allow and /etc/hosts.deny file and make them as restrictive as you can. You also might want to install tripwire and run it and save its output to a removable media for future reference should you find you have been or might have been cracked.
-- John Nickerson, Kailua, Hawaii
A little inaccuracy sometimes saves a ton of explanation.
I'm linked to the internet through a cable modem (Motorola Cyber Surf)
what I would like to know is: Can I protect myself against potential intruders? What is my level of exposure? I have a single machine which is my workstation at the end of this install, I never work as root except when needed, root has a complex password, remote login is forbidden for root, "." is not in the root password, that's all for now. the ISP is supposed to protect my comms between him and me. I'm looking for any kind of advice. regards GH Portefait
Comment out any services you don't absolutely need in /etc/inetd.conf and create an /etc/hosts.allow and /etc/hosts.deny file and make them as restrictive as you can. You also might want to install tripwire and
What is tripwire ??
run it and save its output to a removable media for future reference should you find you have been or might have been cracked.
-- John Nickerson, Kailua, Hawaii
A little inaccuracy sometimes saves a ton of explanation.
-- To unsubscribe, e-mail: suse-linux-e-unsubscribe@suse.com For additional commands, e-mail: suse-linux-e-help@suse.com
On 27 Jul 99, at 21:45, John Nickerson wrote:
Can I protect myself against potential intruders? What is my level of exposure?
I have a single machine which is my workstation at the end of this install, I never work as root except when needed, root has a complex password, remote login is forbidden for root, "." is not in the root password, that's all for now.
the ISP is supposed to protect my comms between him and me.
Comment out any services you don't absolutely need in /etc/inetd.conf and create an /etc/hosts.allow and /etc/hosts.deny file and make them as restrictive as you can. You also might want to install tripwire and run it and save its output to a removable media for future reference should you find you have been or might have been cracked.
I would also add that you might want to not receive mail using sendmail (unless you want to do *quite a bit* of very hefty reading). Also, if you need telnet and ftp, use ssh instead.
Cheers,
Dennis
"Custard pies are a sort of esperanto: a universal language." --Noel Godin
Hi,
Whaow, bunch of answers there :) !!
So cool I guess I'll need few days to explore them all.
as I have only one machine, I cannot do the "fortified bastion" technique, however I already deleted the services files :)
I'll go through the reading and everything those next days thanks to everybody. If you have something more, I'll take it anyway :)
Thanks again to
Best Regards
GH Portefait
-- __________________________________________
"Computer are like air conditioners, they stop properly when you open windows"
-----BEGIN GEEK CODE BLOCK----- Version: 3.1 GCS/CC d-@ s+:- C++(++++)UL++>++++ P++>++++ L++>+++ E-W+(+++) N++ !o K- w !O M(++) V? !PS !PE y+ PGP++ t+ 5? X R* tv b+ DI? D+ G+++ e+++ h+ r y+ ------END GEEK CODE BLOCK------ http://www.geekcode.com
You can pick up 486 for almost nothing, Pentium 90s for a little more, and 166s are out there as well.
At 08:54 AM 7/29/1999 +0200, Georges-Henry PORTEFAIT wrote:
Hi,
Whaow, bunch of answers there :) !!
So cool I guess I'll need few days to explore them all.
as I have only one machine, I cannot do the "fortified bastion" technique, however I already deleted the services files :)
I'll go through the reading and everything those next days thanks to everybody. If you have something more, I'll take it anyway :)
Thanks again to
Best Regards
GH Portefait
-- __________________________________________
"Computer are like air conditioners, they stop properly when you open windows"
On Thu, 29 Jul 1999, Samy Elashmawy wrote:
You can pick up 486 for almost nothing, Pentium 90s for a little more, and 166s are out there as well.
I just picked up two 486's sitting on the street waiting for the garbage truck to come by. So I prevented filling the land fill with two cases. Now all I need are a couple hard drives. -- George Toft http://gtoft.dynip.com Hawaii Pacific University MSIS Graduate Student "Investigating the Relationship Between the Total Cost of Ownership, Organization Size, Industry, Workgroup Size, And the Perception of Value for Workgroup Servers."
On Tue, 27 Jul 1999, Georges-Henry Portefait wrote:
Hi,
I'm linked to the internet through a cable modem (Motorola Cyber Surf)
what I would like to know is:
Can I protect myself against potential intruders?
See http://gtoft.dynip.com/security - this is the bare minimum.
What is my level of exposure.
Huge - they have all the time they need to attack.
I have a single machine which is my workstation at the end of this install, I never work as root except when needed, root has a complex password, remote login is forbidden for root, "." is not in the root password, that's all for now.
I'm a full believer in the concept of a bastion host. That is a machine that is heavily fortified to protect the machines on the inside. Set up an old 486 as a router/firewall and put your workstation on a LAN inside the firewall. That gives the attackers twice the number of computers to attack, and gives you the opportunity to receive a mail warning if the firewall is compromised. My firewall runs a cron job to check the integrity of key files (passwd, group, shadow) once a minute, and if they change, I get e-mail.
the ISP is supposed to protect my comms between him and me.
My ISP protects all comms, too - so an attacker has all the privacy they need to break in. Been there twice.
I'm looking for any kind of advice.
They are out to get you.
regards
GH Portefait
-- "Computers are like air conditioners - they stop working properly when you open Windows"
-- George Toft http://gtoft.dynip.com Hawaii Pacific University MSIS Graduate Student "Investigating the Relationship Between the Total Cost of Ownership, Organization Size, Industry, Workgroup Size, And the Perception of Value for Workgroup Servers."
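The once-a-minute check of passwd, group and shadow described in the message above could be built as a baseline-and-compare script like the following. This is an added example, not George's script: the function names, the use of sha256sum and the crontab path are assumptions, and the demo runs on constructed files in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the thread): baseline-and-compare check for key
# account files, meant to be run from cron. Assumes sha256sum is installed;
# function names and paths are illustrative.
# Cron mails whatever a job prints, so printing only on a change yields the
# e-mail warning. Hypothetical crontab entry for a wrapper, once a minute:
#   * * * * * /usr/local/sbin/keyfile-check

# make_baseline BASELINE FILE... -> record the current hashes
make_baseline() {
    out=$1; shift
    sha256sum "$@" > "$out" && chmod 600 "$out"
}

# changed_files BASELINE -> paths whose hash differs or that are now missing
changed_files() {
    while read -r want path; do
        have=$(sha256sum "$path" 2>/dev/null | cut -d' ' -f1)
        [ "$have" = "$want" ] || printf '%s\n' "$path"
    done < "$1"
}

# check_and_report BASELINE -> silent, status 0 if clean; report, status 1 if not
check_and_report() {
    changed=$(changed_files "$1")
    [ -z "$changed" ] && return 0
    printf 'Key files changed on %s:\n%s\n' "$(uname -n)" "$changed"
    return 1
}

# Constructed demo: throwaway copies stand in for /etc/passwd and /etc/group.
demo() {
    d=$(mktemp -d) || return 2
    printf 'root:x:0:0::/root:/bin/sh\n' > "$d/passwd"
    printf 'root:x:0:\n' > "$d/group"
    make_baseline "$d/baseline" "$d/passwd" "$d/group"
    printf 'extra:x:0:0::/:/bin/sh\n' >> "$d/passwd"   # simulated tampering
    rc=0; check_and_report "$d/baseline" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "(demo exit status $?: change detected)"
```

Keep the baseline somewhere an intruder cannot rewrite it, such as the removable media suggested earlier in the thread for tripwire output, and rebuild it after every legitimate account change.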
I too have a cable modem, and over the past year or so there have been at least a dozen unwelcomed attempts to enter my machine. You can't rely on your ISP for any help with this. I would suggest that you disable all services you don't absolutely need, such as finger, daytime etc. I also suggest disabling ftp, telnet, and rlogin. If you need to login to your machine from a remote location, use the much more secure SSH. You can comment out the services you don't need in the files /etc/rc.config and /etc/inetd. You might also want to use a program such as nessus (www.nessus.org) to test for vulnerability.
Alan Riggins
Georges-Henry Portefait wrote:
Hi,
I'm linked to the internet through a cable modem (Motorola Cyber Surf)
what I would like to know is:
Can I protect myself against potential intruders? What is my level of exposure?
I have a single machine which is my workstation at the end of this install, I never work as root except when needed, root has a complex password, remote login is forbidden for root, "." is not in the root password, that's all for now.
the ISP is supposed to protect my comms between him and me.
I'm looking for any kind of advice.
regards
GH Portefait
-- "Computers are like air conditioners - they stop working properly when you open Windows"
I too have a cable modem, and over the past year or so there have been at least a dozen unwelcomed attempts to enter my machine. You can't rely on your ISP for any help with this.
I get daily scans/attempts on my cable line and my DSL line. You are 100% correct. Both my ISPs really don't care.
I would suggest that you disable all services you don't absolutely need, such as finger, daytime etc. I also suggest disabling ftp, telnet, and rlogin. If you need to login to your machine from a remote location, use the much more secure SSH. You can comment out the services you don't need in the files /etc/rc.config and /etc/inetd.
You can get SSH at: ftp://ftp.cs.hut.fi/pub/ssh Also, take some time and read the Firewall and Security HOW-TOs: http://metalab.unc.edu/LDP/HOWTO/HOWTO-INDEX.html M
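To check that the advice from John Nickerson and Alan Riggins has actually taken effect, the audit below lists what is still enabled in an inetd.conf and whether hosts.deny denies by default. It is an added example, not code from the thread: the function names are assumptions, the sample files are constructed, and it assumes the classic inetd.conf layout with the service name in the first field.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the classic inetd.conf layout:
# service name in the first field, disabled entries commented out with '#'.

# Services the replies suggest disabling, spelled as inetd.conf names them
# (rlogin is served by the "login" entry).
RISKY="finger daytime ftp telnet login"

# enabled_services FILE -> one enabled service name per line
enabled_services() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next } { print $1 }' "$1" | sort -u
}

# flagged_services FILE -> enabled services that are on the RISKY list
flagged_services() {
    for svc in $(enabled_services "$1"); do
        case " $RISKY " in *" $svc "*) printf '%s\n' "$svc" ;; esac
    done
}

# deny_is_default FILE -> status 0 if hosts.deny has an active "ALL: ALL" rule
deny_is_default() {
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$1"
}

# Constructed sample input, so the script runs without touching /etc.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/inetd.conf" <<'EOF'
ftp     stream tcp nowait root   /usr/sbin/tcpd in.ftpd
telnet  stream tcp nowait root   /usr/sbin/tcpd in.telnetd
#finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
daytime stream tcp nowait root   internal
time    stream tcp nowait root   internal
EOF
    printf 'in.telnetd: ALL\n' > "$d/hosts.deny"
    echo "still enabled and worth disabling:"; flagged_services "$d/inetd.conf"
    deny_is_default "$d/hosts.deny" || echo "hosts.deny has no ALL: ALL rule"
    rm -rf "$d"
}
demo
```

inetd rereads its configuration only on SIGHUP, so a newly commented-out entry stays live until the daemon is signalled or restarted. hosts.allow and hosts.deny only cover services started through tcpd or built against libwrap.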