Re: [cobalt-users] security issues?

["cbtrussell" <cbtrussell@xxxxxxxxxxx>]

Hi Colin,

> What is the best way to go about moving from telnet (and ftp) to ssh (and
> secure ftp)?

Download and install the SSH package from pkgmaster or solarspeed.net (<-- 
recommended). Both are free.

Use Putty (search Google) and you're set for SSH. Or SCP (secure copy).
Secure FTP is either via SCP, or perhaps SafeTP.

> What security issues should I be concerned about after I install the
> latest cobalt packages for my RaQ 4 and move to SSH? Are there any
> well-known security holes that have not yet been patched by Sun/Cobalt?

Download and install the solarspeed Bind upgrade. I'm sure there are others
that the list will contribute.

 > Are there any other issues (security or otherwise) that I should be aware
> of or that you would like to point out? Any little tidbits would be
> helpful. My experience with sysadmin-ish tasks has been limited to Solaris
> and IRIX on trusted internal networks. I am very rusty when it comes to
> security.

Put a self signed SSL cert on your admin server. Never login via FTP or POP3
or any other insecure service with your admin password. There's a security
primer that gets posted on here and cobalt-security once per month that has
some good pointers. Above all, purchase the solarspeed.net security package
for a comprehensive firewall/logcheck/tripwire setup. It's worth twice the
price. We require all of our colocation customers to have it (or equivalent
software) installed. Highly recommended.

Good luck!

Brandon