
Re: [[cobalt-users] Server Hacked?]



Another thing to have loaded is tcp wrappers.  This can increase the amount of
logging you get when inetd services are used.  You can even have it e-mail
you when someone attempts a login that is against the rules that you have
set up.

In general it is better to disable all network services that you do not need,
and ensure that all extraneous accounts are deleted.  There are dozens of other
security-minded tasks that you could make, but it would get pretty long for me
to start naming them all.

I would invest in the books 'Building Internet Firewalls' and 'Practical
Unix and Internet Security'.


Richard

spamcatcher wrote:
> 
> Perhaps we can have a thread of safety steps we can take right now to help
> secure the server? I know turning off telnet is the "big" tip, but are
> there others?
> 
> While I am on the topic of tips, does anyone have any tips or
> step-by-step guide of what and where to look if the server is compromised?
> 
> To kick things off, I'll give a play-by-play (in a new message) of what
> had happened to my server so others may learn from it.
> 
> Regards,
> Kar Mui
> 
> >> From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
> >>
> >> In case anyone's planning to take me up on the offer, it was actually made
> >> tongue-in-cheek; I don't want to try to break into anyone else's
> >> system(s).  The liability is too great.
> >>
> >> Jeff
> >
> >Come on, please, we want a play-by-play!
> >
> >I think it would be wise of us all to take note of security issues that
> >are raised and do what we can to implement a fix or protect against these
> >risks, a laissez-faire (sp?) attitude of "Well, 15 GaBillion people had my
> >root password, but they were all cool enough not to F&*( with my machine
> >so it must be OK" is not a wise decision. Too many of those script-kiddies
> >everyone refers to.
> >
> >If this many people say telnet is bad, then log into your machine as one
> >of your users and see what you can do. I guess by giving telnet access
> >you're essentially letting someone sit down at your computer and saying
> >have at it. Even if the person that you give access to has the most
> >integrity and is your best-friend, was highly competent, and would never
> >screw you, it doesn't matter because anyone that knows anything can listen
> >for your best bud to login via telnet, swipe the username/pw and they're
> >off. Maybe all these people have a point...
> >
> >Joe
> >
> >BTW, I turned off telnet a long time ago after installing ssh 1.22.27 (I think)
> >
> 
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-users
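
The TCP wrappers setup Richard describes (extra logging for inetd services plus an e-mail when a connection breaks your rules), sketched as an added example that is not part of the original thread. It assumes a tcpd built with the `spawn` option extension from hosts_options(5); the binary paths, the 192.0.2.0/24 network and `.example.com` are constructed placeholders.

```conf
# --- /etc/inetd.conf ---
# Start the daemon through tcpd so every connection is checked against
# hosts.allow / hosts.deny and logged through syslog.
# (Paths are assumptions; adjust to the local system.)
ftp  stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a

# --- /etc/hosts.allow ---
# Consulted first; a match here grants access and stops the search.
# Add a rule for your own remote admin service before relying on the
# default-deny below, or you can lock yourself out.
in.ftpd: 192.0.2.0/255.255.255.0, .example.com

# --- /etc/hosts.deny ---
# Consulted only when nothing in hosts.allow matched.
# Refuse everything else and mail root about it:
#   %d = daemon name, %a = client address, %c = client info (user@host if known)
ALL: ALL: spawn (/bin/echo "refused %d connection from %c" | /bin/mail -s "tcpd: %d refused %a" root) &
```

After editing, `tcpdchk` reports syntax problems in the two access files and `tcpdmatch` shows how a given daemon and client would be handled; inetd must re-read its configuration before the inetd.conf change takes effect.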