How secure is secure?

Post by Mik Miffli » Sat, 01 Sep 2001 04:21:44



Ok, my redhat system that will be my router and other *box (cd burning,
cd ripping, running a web server for internal net, etc) is almost ready for
the cable modem (I don't have it yet).  Here are the ports I have open:

Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
80/tcp     open        http

ssh is the only one I want open to the outside.  My /etc/hosts.deny is:
ALL: ALL

/etc/hosts.allow:
ALL: strider
strider is my SuSE box (I name my boxes after Tolkien characters).

In my /etc/ftphosts:
allow mik strider
deny mik 0.0.0.0/32 <- denies mik from anywhere?

In my /etc/ftpusers, there is every user but mik.

In my httpd.conf, in <Directory "/var/www/html"> there is:
Order allow,deny
Allow from strider

And on top of that, I use iptables to filter out incoming traffic on ports
21 and 80.

Can anyone see any obvious holes in this, and anything else I can add???
Also, I need "security auditing software", or just tools script kiddies use
to break in.  All my passwords are secure (long and uppercase, lowercase,
numbers and symbols).  Ok that's all I can think to do...  Any help here...

 - Mik Mifflin

 
 
 


Post by nord » Sat, 01 Sep 2001 07:47:24



> And on top of that, I use iptables to filter out incoming traffic on ports
> 21 and 80.

Wrong approach. You should not explicitly block ports 21 and 80, but
instead block ALL ports and then explicitly allow port 22 (only for the IP
address/IP range that legitimate connects will come from). As you certainly
want to do some communication with the outside world, you should only block
incoming packets that have the SYN flag set (used to establish a TCP
connection). This way it is impossible to connect to anything but port 22.

Now that you're at it, block all incoming UDP traffic except for stuff that
comes from port 53 (DNS server). But only allow communication with the DNS
server that you actually use. Nobody else is supposed to send you any UDP
packets.

nordi

--
Linux - Less bugs for less bucks!

Visit http://private.addcom.de/nordi
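
The policy nordi describes above, written out as an iptables-restore ruleset (an added example, not part of the original thread). The interface name eth0, the ssh source 203.0.113.10 and the resolver 192.0.2.53 are assumed placeholder values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the policy described
# in the post. Interface name and addresses are constructed placeholders.

# Shape check only (dotted quad, optional /prefix), so a typo or stray shell
# text never ends up inside a rule. iptables itself rejects octets above 255.
is_ipv4() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# emit_rules WAN_IF SSH_SOURCE DNS_SERVER
emit_rules() {
    wan_if=$1 ssh_src=$2 dns_ip=$3
    case $wan_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan_if" >&2; return 1 ;;
    esac
    is_ipv4 "$ssh_src" && is_ipv4 "$dns_ip" ||
        { echo "bad address" >&2; return 1; }
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# New TCP connections (SYN) from outside: only ssh, only from the admin source.
-A INPUT -i $wan_if -p tcp -s $ssh_src --dport 22 --syn -j ACCEPT
-A INPUT -i $wan_if -p tcp --syn -j DROP
# UDP from outside: only replies from the resolver actually in use.
-A INPUT -i $wan_if -p udp -s $dns_ip --sport 53 -j ACCEPT
-A INPUT -i $wan_if -p udp -j DROP
COMMIT
EOF
}

# Stateless, as in the post: TCP segments without SYN still pass, which is
# what lets replies to the box's own outgoing connections back in.
emit_rules "${1:-eth0}" "${2:-203.0.113.10}" "${3:-192.0.2.53}"
```

Piping the output into `iptables-restore --test` as root checks that it parses before anything is loaded.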

 
 
 


Post by Mik Miffli » Sat, 01 Sep 2001 09:47:03




>> And on top of that, I use iptables to filter out incoming traffic on
>> ports 21 and 80.

> Wrong approach. You should not explicitly block ports 21 and 80, but
> instead block ALL ports and then explicitly allow port 22 (only for the
> IP address/IP range that legitimate connects will come from). As you
> certainly want to do some communication with the outside world, you should
> only block incoming packets that have the SYN flag set (used to establish
> a TCP connection). This way it is impossible to connect to anything but
> port 22.

> Now that you're at it, block all incoming UDP traffic except for stuff
> that comes from port 53 (DNS server). But only allow communication with
> the DNS server that you actually use. Nobody else is supposed to send you
> any UDP packets.

> nordi

Thanks for the tips, I'll use them wisely...

--
 - Mik Mifflin

 
 
 
