Am i secure?

Post by Tbag » Fri, 05 May 2000 04:00:00



I'm using redhat 6.2 ... I set my hosts.deny to ALL : ALL and basically just
allow my own isp.   Is this decent security? Do I need to use ip chains too?

thanks

 
 
 

Am i secure?

Post by Rick Matthe » Sat, 06 May 2000 04:00:00



>I'm using redhat 6.2 ... I set my hosts.deny to ALL : ALL and
>basically just allow my own isp.   Is this decent security? Do I
>need to use ip chains too?

Have your pc scanned to see how secure it is.

http://www.secure-me.net/
http://www.secure-me.net/scan

 
 
 

Am i secure?

Post by Arnold Hendrik » Sat, 06 May 2000 04:00:00




>>I'm using redhat 6.2 ... I set my hosts.deny to ALL : ALL and
>>basically just allow my own isp.   Is this decent security? Do I
>>need to use ip chains too?
> Have your pc scanned to see how secure it is.

Or read one of the many security webpages or howtos. Don't rely on a
portscan to tell you about your security. They help, but not too much.

And in this case they make no sense at all: a portscan cannot see which
ports you protected with 'ALL: ALL' in hosts.deny, and which are unprotected.

--

B-Lex Information Technologies

PGPKey: 2048/75929DC1     92 F1 6D A4 86 5A AE 50  CF 78 01 5B 18 94 18 40

 
 
 

Am i secure?

Post by Mike Tatro » Sat, 06 May 2000 04:00:00


Tbag spewed forth:
T>I'm using redhat 6.2 ... I set my hosts.deny to ALL : ALL and basically just
T>allow my own isp.   Is this decent security? Do I need to use ip chains too?

hosts.allow and hosts.deny are part of the tcp_wrappers package.

What tcp_wrappers does for you (from the README):
        access control to restrict what systems can connect to what network
        daemons; client user name lookups with the RFC 931 etc. protocol;
        additional protection against hosts that pretend to have someone elses
        host name; additional protection against hosts that pretend to have
        someone elses host address.

tcp_wrappers only works on network daemons invoked by inetd.  
Check your /etc/inetd.conf and you should see several instances of tcpd.
Those services are already wrapped.

As far as securing your box, I think the mantra here is
        1) Comment out everything in /etc/inetd.conf
        2) Use ipchains to deny everything incoming
        3) Install some flavor of ssh

Now that you're locked down a bit, time to RTFM.  Read up on tcp_wrappers,
even if you aren't using any services in inetd.conf, tcp_wrappers will do
some logging that may be useful.  Read up on ipchains.  At some point,
you're probably going to want to start allowing some sort of packets thru.  
Understand why ssh is important, and why you should probably just delete
telnet/telnetd/ftp/ftpd, etc...

Check out SAINT, SARA, nmap, and nessus for testing your network security.
Check out Crack, COPS, and Tripwire for testing your system security.

Keep it simple stupid.
The more complicated you make things, the more likely something is to get
*ed.

        Stay Alert.
                Trust No One.
                        Keep Your Laser Handy.

--
"Human beings, who are almost unique in having the ability to learn from
the experience of others, are also remarkable for their apparent
disinclination to do so."
                  -Douglas Adams

 
 
 

Am i secure?

Post by FunkyGee » Sun, 07 May 2000 04:00:00


You have to bear in mind that hosts.deny will ONLY deny access to services
running under tcpd like telnet, ftp, finger etc... take a look at
/etc/inetd.conf. If a line in inetd.conf doesn't contain /usr/sbin/tcpd (or
whatever _your_ path to tcpd is) and it's not commented out, then you have a
service which ISN'T protected by hosts.deny.
    These services should have their own access control. Look at the man
pages on the services you are running. Also bear in mind, that some
portscanners only scan ports within a certain range by default - if there
was a port open at something like say 52000 then some, like nmap, won't pick
it up, unless you specify the range of ports you want scanned (0-65535). If
you are going to run a portscanner, do it from another machine -
portscanners scanning localhost don't tell the whole story.




> >>I'm using redhat 6.2 ... I set my hosts.deny to ALL : ALL and
> >>basically just allow my own isp.   Is this decent security? Do I
> >>need to use ip chains too?
> > Have your pc scanned to see how secure it is.
> Or read one of the many security webpages or howtos. Don't rely on a
> portscan to tell you about your security. They help, but not too much.

> And in this case they make no sense at all: a portscan cannot see which
> ports you protected with 'ALL: ALL' in hosts.deny, and which are unprotected.

> --

> B-Lex Information Technologies

> PGPKey: 2048/75929DC1     92 F1 6D A4 86 5A AE 50  CF 78 01 5B 18 94 18 40
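
Added example, not part of any post in this thread: a shell check for the point made in the last two replies, that only inetd.conf entries whose server program is tcpd are covered by hosts.deny. The function names and the sample file are constructed for illustration; the field order is the standard inetd.conf layout (service, socket type, protocol, wait flag, user, server program, arguments).

```shell
#!/bin/sh
# Classify every active inetd.conf entry by whether it is launched through tcpd.
# Usage: audit_inetd [file]   (defaults to /etc/inetd.conf)
audit_inetd() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # blank or commented out: service is disabled
        NF < 6 { printf "MALFORMED line-%d\n", NR; next }
        {
            n = split($6, parts, "/")      # basename of the server program (field 6)
            if (parts[n] == "tcpd")      status = "WRAPPED"    # hosts.allow/deny apply
            else if ($6 == "internal")   status = "INTERNAL"   # handled inside inetd, no tcpd
            else                         status = "UNWRAPPED"  # daemon started directly
            printf "%s %s/%s %s\n", status, $1, $3, $6
        }
    ' "${1:-/etc/inetd.conf}"
}

# Print only the active services that hosts.deny does NOT cover.
unwrapped_services() {
    audit_inetd "$1" | awk '$1 == "UNWRAPPED" || $1 == "INTERNAL" { print $2 }'
}

# Constructed sample input (not taken from a real machine).
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample, standard inetd.conf field order
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#finger stream  tcp  nowait  root  /usr/sbin/tcpd  in.fingerd
daytime stream  tcp  nowait  root  internal
swat    stream  tcp  nowait  root  /usr/sbin/swat  swat
EOF
}

# Demo on the constructed sample; call audit_inetd with no argument to read /etc/inetd.conf.
tmp=$(mktemp) && sample_inetd_conf > "$tmp" && audit_inetd "$tmp"
rm -f "$tmp"
```

Daemons started outside inetd (for example from init scripts) never appear in this file, so an empty result here only covers inetd-launched services.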

 
 
 
