How secure am I really??

How secure am I really??

Post by Jay D Ribak » Fri, 11 Dec 1998 04:00:00



I used to think that my systems were fairly secure...but after reading some
of the threads in here about people getting hacked, I am beginning to get a
bit paranoid/worried.

I run an IPP, and my systems must be directly connected to the Internet.
There is no real concept of stuff that could be hidden behind a firewall, so
I am on the front lines.

I use Slackware Linux, with a recent kernel.  Here are some of the steps I
have taken to secure things.  I would appreciate more
pointers/tips/suggestions/etc.

1. Disabled all unnecessary services in inetd.conf, including finger,
netstat, etc, etc.

2. Shut down mountd, nfsd, and other unnecessary daemons and prevented them
from starting up on bootup.

3. Downloaded and installed the latest version of sendmail.  Implemented
some of the anti-spam features in 8.9.1.

4. Removed serial and remote terminals from being considered secure
terminals in /etc/securetty.   Thus, root can only login from the 'login:'
prompt at the console, which is behind locked doors.

5. Limited su's to root to group root (same concept as wheel).  The only two
members of group root are myself and the second admin.  Thus, only two
accounts can su to root.

6. Implemented strong passwords for root, and the two admin accounts and
change them on a regular basis.

7. Require CGI scripts to be run using CGIwrap, which runs the script as the
UID of the user, not 'nobody'.

8. Altered syslog.conf so that certain log messages go to non-world readable
log files (to prevent joeuser from reading 'messages' and seeing that some
dumbass tried to login with his password instead of his username, and it

I can't remember some other steps I have taken, but am I missing anything
significant??  One thing I wanted to do, but couldn't find much
documentation on, was implementing some security for BIND 8.1, to prevent
unauthorized zone transfers and things like that.  Any pointers?

Also, how secure is it to post info on this newsgroup?  If I was a hacker I
think I would read this group to find out who is secure and not secure....

Thanks
Jay Ribak
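An added audit helper for items 1, 4 and 5 of the checklist above (example code, not part of the original post). Jay's real /etc files are not on the page, so the script runs against constructed sample copies of inetd.conf, securetty and group that it writes itself; point the functions at a host's own files to audit that host. The list of "risky" services is an assumption of the example.

```shell
#!/bin/sh
# Added audit helper; not code from the original thread. Each function takes
# the file to inspect as an argument, so it can be run against a host's own
# /etc files or, as below, against constructed samples.

# Services a front-line box should not be offering. Adjust to taste.
RISKY_SERVICES="finger netstat systat rsh rlogin rexec telnet tftp echo chargen discard daytime"

# Print every service still enabled (not commented out) in an inetd.conf.
# Line format: service socktype proto wait user server [args]
enabled_inetd_services() {
    grep -v '^[[:space:]]*#' "$1" | awk 'NF >= 6 { print $1 }'
    return 0
}

# Of the enabled services, print the ones on the risky list.
risky_inetd_services() {
    for svc in $(enabled_inetd_services "$1"); do
        for bad in $RISKY_SERVICES; do
            [ "$svc" = "$bad" ] && echo "$svc"
        done
    done
    return 0
}

# Print securetty entries other than the local consoles (console, tty1..ttyN).
# Anything else listed (ttyS* serial lines, ttyp* pseudo-terminals) lets root
# log in from somewhere other than the machine room.
remote_securetty_entries() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' \
        | grep -Ev '^(console|tty[0-9]+)$' || true
}

# Print the members of a group (default: root) from a group(5) file.
group_members() {
    awk -F: -v g="${2:-root}" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

# Human-readable summary over a directory holding the three files.
audit_report() {
    echo "== enabled inetd services on the risky list =="
    risky_inetd_services "$1/inetd.conf"
    echo "== securetty entries that allow root login off the console =="
    remote_securetty_entries "$1/securetty"
    echo "== accounts that can su to root (members of group root) =="
    group_members "$1/group" root
}

# Constructed sample /etc files (not from any real host) to exercise the checks.
make_sample_etc() {
    mkdir -p "$1"
    cat > "$1/inetd.conf" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  wu.ftpd -l -i -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
pop3    stream  tcp  nowait  root    /usr/sbin/tcpd  in.qpopper
netstat stream  tcp  nowait  root    /usr/sbin/tcpd  /bin/netstat -a
EOF
    cat > "$1/securetty" <<'EOF'
console
tty1
tty2
ttyS0
ttyp0
EOF
    cat > "$1/group" <<'EOF'
root::0:root,jay,admin2
wheel::10:
users::100:joeuser
EOF
}

# Stand-alone run: build the samples in a scratch directory and report.
SAMPLE_DIR="${TMPDIR:-/tmp}/etc-audit-sample.$$"
make_sample_etc "$SAMPLE_DIR"
audit_report "$SAMPLE_DIR"
rm -rf "$SAMPLE_DIR"
```

On the sample files the report flags telnet and netstat as still enabled, ttyS0 and ttyp0 as securetty entries that allow root login off the console, and root, jay and admin2 as the accounts able to su to root. Run `audit_report /etc` on the real machine for the live picture; a commented-out line in inetd.conf is only safe if inetd has been sent a HUP since the edit.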


How secure am I really??

Post by Valdis Kletniek » Fri, 11 Dec 1998 04:00:00



Quote:> 3. Downloaded and installed the latest version of sendmail.  Implemented
> some of the anti-spam features in 8.9.1.

Not just Sendmail.  Install the latest version of *everything* that has had
a CERT advisory against it.

If it's a service important enough to leave turned on, it's important
enough to keep the patches up to date.

The rest of your list looks pretty good - I'd also add:

9) Disable telnet, and require the use of ssh instead, to prevent
the sniffing of passwords/


How secure am I really??

Post by jim barchuk » Fri, 11 Dec 1998 04:00:00


Hello Jay!


Quote:> I used to think that my systems were fairly secure...but after reading some
> of the threads in here about people getting hacked, I am beginning to get a
> bit paranoid/worried.

Be afraid. Be very -very- afraid. JK! :)

What you described sounds very good. Up to date software counts for a
lot. You mentioned passwords, I'm assuming that includes shadow.

I'd suggest running tripwire daily and logcheck as often as possible.
Tripwire is an 'after the fact' thing but useful. Logcheck helps a lot
to nab wannabe crackers as -soon- as possible after an 'attempt' to
write to their ISP and stop them from trying other servers. I
average about one attempt a day on various services.

And -backup- early and often!! It's only a matter of time; you -will-
be cracked. Backups enable you to rebuild and restore as quickly and
smoothly as possible, your users will love that.

Have a :) day!

jb

--
jim barchuk
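A logcheck-style pass over syslog, added here as an example of the kind of scan the post above recommends (not code from the original thread or from the logcheck project). The log lines are constructed samples in the tcpd and login message format of the period, not taken from any real host; the patterns and the "three strikes" threshold are the example's own choices.

```shell
#!/bin/sh
# Added example of a logcheck-style pass over syslog; not code from the
# original thread or from the logcheck project. The sample log lines are
# constructed in the tcpd/login format of the period, not taken from a host.

# Extended regex of messages worth a second look. tcpd writes "refused
# connect from" when hosts.deny blocks a caller; login writes "FAILED LOGIN".
SUSPICIOUS='refused connect from|FAILED LOGIN|[Aa]uthentication failure|ROOT LOGIN REFUSED'

# Print the lines of a log file that match a suspicious pattern.
suspicious_lines() {
    grep -E "$SUSPICIOUS" "$1" || true
}

# Tally the source addresses in those lines: "address count", busiest first.
offending_hosts() {
    suspicious_lines "$1" \
        | grep -Eo '[0-9]{1,3}(\.[0-9]{1,3}){3}' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $2, $1 }'
}

# Print only the addresses seen at least N times (default 3): the ones worth
# an abuse report to their ISP rather than a shrug.
repeat_offenders() {
    offending_hosts "$1" | awk -v t="${2:-3}" '$2 >= t { print $1 }'
}

# Constructed sample of /var/log/messages for the run below.
write_sample_log() {
    cat > "$1" <<'EOF'
Dec 11 03:12:07 ns1 in.telnetd[1842]: refused connect from 192.0.2.77
Dec 11 03:12:09 ns1 in.telnetd[1843]: refused connect from 192.0.2.77
Dec 11 03:15:44 ns1 in.ftpd[1851]: connect from 198.51.100.5
Dec 11 03:40:02 ns1 login[1902]: FAILED LOGIN 1 FROM 192.0.2.77 FOR jay, Authentication failure
Dec 11 04:15:10 ns1 in.fingerd[1977]: refused connect from 203.0.113.9
Dec 11 05:00:01 ns1 cron[2001]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Stand-alone run over the constructed sample.
LOG="${TMPDIR:-/tmp}/messages-sample.$$"
write_sample_log "$LOG"
echo "== suspicious lines =="
suspicious_lines "$LOG"
echo "== offending hosts =="
offending_hosts "$LOG"
echo "== repeat offenders (3 or more) =="
repeat_offenders "$LOG" 3
rm -f "$LOG"
```

On the sample, four lines match, 192.0.2.77 accounts for three of them and is the only host that crosses the threshold; the ordinary ftp connect and the cron line are ignored. To run it the way the post suggests, call it from cron against /var/log/messages and mail the output to the admins; it only sees what syslog kept, so it belongs next to the non-world-readable and off-host logging discussed elsewhere in the thread, not in place of it.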


How secure am I really??

Post by Anders Thul » Sat, 12 Dec 1998 04:00:00




Quote:>I can't remember some other steps I have taken, but am I missing anything
>significant??

  You may - try checking up CERT advisories to see if there is
anything that strikes your eye.  Or search www.rootshell.com or
ftp.technotronic.com for any services you may have installed.  (Qpop?)
And the recent bugtraq archives ...

  *You* have to cover all holes to stop them from breaking in -- while
*they* only have to find one single hole to get in. It's not cricket,
exactly ...

--

Telia ProSoft AB, Teknikringen 6, S-583 30 Linkoping, Sweden


How secure am I really??

Post by Matthew Whela » Sat, 12 Dec 1998 04:00:00



<snip>

>   *You* have to cover all holes to stop them from breaking in -- while
> *they* only have to find one single hole to get in. It's not cricket,
> exactly ...

Hmmm... it is cricket: the sysadmin's the batsman - one mistake and he's
out - whereas the hacker's the bowler - hit him for six and still might
get you with his next ball :(

A change of innings would be nice :)

~ Matthew ~


How secure am I really??

Post by Jay D Ribak » Sat, 12 Dec 1998 04:00:00


I don't know why I only mentioned sendmail.  I also use the latest versions
of Apache, Qpopper, as well as  more 'internal' stuff such as perl, tcl,
etc.

Sometimes its tough keeping up on all of the latest versions!

I was definitely thinking of implementing SSH.  Where can I find it for
download?   I understand the basic principles of SSH, but is there a windows
client also?  I do a lot of remote administration by dialing in and
telnetting to a box from one of my windows machines.   It would seem a
little odd to only have SSH protection from UNIX to UNIX telnet and not
windows to UNIX...

Thanks
Jay


How secure am I really??

Post by Jay D Ribak » Sat, 12 Dec 1998 04:00:00


Yes, I didn't mention shadowing because that is a default for Slackware
Linux, and I think most versions of Linux nowadays...


How secure am I really??

Post by Chris Gree » Sat, 12 Dec 1998 04:00:00



Quote:> I was definitely thinking of implementing SSH.  Where can I find it for
> download?   I understand the basic principles of SSH, but is there a windows
> client also?  I do a lot of remote administration by dialing in and
> telnetting to a box from one of my windows machines.   It would seem a
> little odd to only have SSH protection from UNIX to UNIX telnet and not
> windows to UNIX...

Not hard to find if you look.

http://www.ssh.fi

ftp://ftp.cs.hut.fi/pub/ssh IIRC

See http://www.zip.com.au/~roca/ttssh.html for a free windows ssh
client. The terminal emulation of Tera Term (?) is pretty good and
makes it easy to convince users to dump win telnet.
--
cmg


How secure am I really??

Post by Tony Langdon » Sat, 12 Dec 1998 04:00:00


It's 12 Dec 98  07:52:07,

discussion of How secure am I really??

 mp> Hmmm... it is cricket: the sysadmin's the batsman - one mistake and
 mp> he's out - whereas the hacker's the bowler - hit him for six and still
 mp> might get you with his next ball :(

Hehehe. :-)

Might have to bat like your boys did in the 70's. :P

(sorry, couldn't resist :-) ).

 mp> A change of innings would be nice :)

Well, you can always send a few deliveries of your own, as unlike
cricket, the pitch works both ways. :-) (not that I'd seriously advocate
"counter hacking").

.. I'm not a complete idiot -- several parts are missing.
--
|Fidonet:  Tony Langdon 3:635/728.18

|
| Standard disclaimer: The views of this user are strictly his own.


How secure am I really??

Post by Tony Langdon » Sat, 12 Dec 1998 04:00:00


It's 12 Dec 98  08:27:49,

discussion of How secure am I really??

 jr> I was definitely thinking of implementing SSH.  Where can I find it
 jr> for download?   I understand the basic principles of SSH, but is there

ftp.replay.com (I think).

 jr> a windows client also?  I do a lot of remote administration by dialing
 jr> in and telnetting to a box from one of my windows machines.   It would
 jr> seem a little odd to only have SSH protection from UNIX to UNIX telnet
 jr> and not windows to UNIX...

You can buy a commercial client, but there's also a good freeware
alternative.  Tera Term, which is a telnet client can be installed.  You
then need to install the SSH add on, and it will do both telnet and SSH.

You can find links to Tera Term's home page on www.winfiles.com, and
from the home page, there is a link to the SSH add on.

Works fine for me. :)

.. All I need is a Wave and a board to surf it on.
--
|Fidonet:  Tony Langdon 3:635/728.18

|
| Standard disclaimer: The views of this user are strictly his own.


How secure am I really??

Post by Mark G. Thom » Sat, 12 Dec 1998 04:00:00



Quote:>I used to think that my systems were fairly secure...but after reading some
>of the threads in here about people getting hacked, I am beginning to get a
>bit paranoid/worried.

>I run an IPP, and my systems must be directly connected to the Internet.
>There is no real concept of stuff that could be hidden behind a firewall, so
>I am on the front lines.

>I use Slackware Linux, with a recent kernel.  Here are some of the steps I
>have taken to secure things.  I would appreciate more
>pointers/tips/suggestions/etc.

<stuff deleted>

Quote:>6. Implemented strong passwords for root, and the two admin accounts and
>change them on a regular basis.

All accounts need to have strong passwords.  Once someone is on the system
as any account, they will have a considerably easier time breaking root
and launching other attacks from your machine.

Quote:>7. Require CGI scripts to be run using CGIwrap, which runs the script as the
>UID of the user, not 'nobody'.

This sounds to me like it may hurt more than it helps you.  If users write bad
CGI scripts, then now the attacker effectively has their ID instead of
nobody!

Consider running httpd in a carefully set up chroot() area, with loopback
mounted read-only restricted filesystems, wherever possible.  Consider
setting up pairs of UIDs or using some other UID for just cgi, so user cgi
scripts are *not* running with the userid of login accounts on your system.

>8. Altered syslog.conf so that certain log messages go to non-world readable
>log files (to prevent joeuser from reading 'messages' and seeing that some
>dumbass tried to login with his password instead of his username, and it


Try to get this logging off onto another possibly more-secure machine.

Quote:>I can't remember some other steps I have taken, but am I missing anything
>significant??  One thing I wanted to do, but couldn't find much
>documentation on, was implementing some security for BIND 8.1, to prevent
>unauthorized zone transfers and things like that.  Any pointers?

I believe there are links to this info on http://www.isc.org/

You will want to use the allow-transfer {} directive.

>Also, how secure is it to post info on this newsgroup?  If I was a hacker I
>think I would read this group to find out who is secure and not secure....

>Thanks
>Jay Ribak


Hope this helps,

-Mark

--
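A named.conf fragment showing the allow-transfer directive the post above points to, added here as an example (not from the original thread or from the ISC documentation). It is written for the BIND 8 named.conf syntax; the zone names, file names and addresses are placeholders, and the acl name is the example's own. Without any allow-transfer statement, BIND 8 hands the whole zone to anyone who asks for an AXFR, which is the weak default being corrected.

```conf
// Added example named.conf fragment for BIND 8.x; not from the original
// thread. Zone names, file names and addresses are placeholders.
options {
        directory "/var/named";
        // Default for every zone on this server: nobody gets a zone transfer.
        allow-transfer { none; };
};

// The hosts allowed to pull zones: your own secondary nameservers only.
acl "secondaries" {
        192.0.2.53;          // placeholder address of the secondary
};

zone "example.com" {
        type master;
        file "example.com.zone";
        // Override the global default for this zone: listed secondaries only.
        allow-transfer { "secondaries"; };
};

// A slave zone needs no allow-transfer of its own; the global none; applies,
// so the secondary does not itself become a place to dump the zone from.
zone "example.net" {
        type slave;
        file "sec/example.net.zone";
        masters { 192.0.2.10; };   // placeholder address of the primary
};
```

Check it after reloading named: `dig @ns1.example.com example.com axfr` from a host that is not on the list should report a failed transfer instead of printing the zone, while the same command from the listed secondary should return every record. Blocking AXFR only stops the bulk dump; individual names can still be found one query at a time, so it does not make the zone contents a secret.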


How secure am I really??

Post by Chris Wal » Sat, 12 Dec 1998 04:00:00




Quote:

>See http://www.zip.com.au/~roca/ttssh.html for a free windows ssh
>client. The terminal emulation of Tera Term (?) is pretty good and
>makes it easy to convince users to dump win telnet.

I use SecureCRT (www.vandyke.com).  As part of a cooperative
arrangement with some folks at Univ of Wisconsin, I got my hands
on a list of SSH clients they maintain.  I, of course, lost the
Wisconsin URL, but a recent version of the list they put together
is on my web page:  http://www.ece.nwu.edu/~mack23/ssh-clients.html.

--

ECE Dept., Northwestern Univ.           for PGP 2.6.2 public key
Evanston, IL 60208 Ph:(847) 491-8141    ICBM: 42.054551 N, 87.694331 W      
Old house?  Check out The Old House Chronicle.  http://www.ece.nwu.edu/ohc/
