security

Øyvind Repvik mlists at netcom.no
Sun Oct 7 09:06:54 PDT 2001


At 09:38 07.10.2001 -0400, you wrote:
>No firewall is a bad thing.  Running a linux computer without a firewall
>is quite risky and will get u to be hacked quite fast if they do a few
>nmap scouts ip scouts.

I wouldn't say so. There are no services running on LFS by default, and 
thus really no easy ways to enter...

>They find you, and notice no firewall, etc.  You
>could be in trouble, and might have to totally redo your whole LFS, which
>would suck butty. What I would look into doing is use an iptables script
>that protects you.  Also I would make sure not to run any stupid servers
>like telnet, rsh, rlogin, etc.  They are dumb and cleartext.  Also I would
>look to block your X-Windows ports as well, so that nobody can connect to
>your X-Windows server which auto runs when you startx.

I'd like to see someone who can discern my firewall from my 
internet-connected workstation...
Telling whether a linux-system is a workstation/server or a firewall is 
pretty hard.

IPTables protection is a good idea though, and not running services that 
use plaintext passwords, such as telnet and FTP.

My recommendation, considering you're on dialup with a non-critical system, 
is simply to not run any unneeded services, and use secure versions of 
those you *have* to run.

The probability of someone skilled trying to hack a system on a dialupline 
is increasingly slim, and *if* that is to happen... Well... I guess it's 
time to rebuild.

>Edward Pinski
>
> >
> > Good evening all,
> >
> > I have been reading numerous articles lately on the Net about security.
> > I have to say that I am now more confused than before I started.
> >
> > I run a single box, an home PC, no networking other than connecting to
> > the Internet via a modem. I have shadow password thingy installed (this
> > OS is LFS3.0). Should I take further measures? I accept that life is
> > full of risk, so I don't take the paranoid approach - apologies Jeff
> > Neitzel, I have read your excellent hint and implemented most of it.
> > It's just that I have reached the age where "C'est la vie" is often the
> > most appropriate response to life's glitches.
> >
> > Despite this seeming unconcern, I would like to hear the opinions of
> > others on what level of security I should reasonably implement.  Bear in
> > mind, this PC is a home jobby, nothing of importance is stored on it -
> > well nothing that can't be built or typed or downloaded again.

Øyvind Repvik
Phone: +47 99389004

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe blfs-support' in the subject header of the message



More information about the blfs-support mailing list