[CLUE-Tech] enabling ftp

ian iguy at ionsphere.org
Sat Mar 17 11:06:43 MST 2001


On Sat, Mar 17, 2001 at 09:37:03AM -0700, rfrank wrote:
> On Saturday 17 March 2001 08:49, Ian wrote:
> > I can't say this enough.  TURN OFF FTP ASAP!!!!
> 
> Okay I disabled ftp (but not telnet).  I commented out the lines for
> ftp and ftp.data in /etc/services.  Is telnet as risky?  I guess with ssh
> I don't need either one of them.

Yeah.. Both of them send stuff in cleartext.  It is very much worth the time
to learn about the security implications of these tools. 

Another thing is to look into tripwire to monitor your system, or something
similar like an IDS system.  Just if you're going to be always on the
net.

> > Especially since you're on a cable modem (Road Runner?).  It is amazingly
> > easy to snoop on the Cable modem network to capture cleartext login
> > passwords.
> 
> I'm on Sprint Broadband service.  I've heard that cable modems are
> easily snooped, but I haven't heard if wireless Broadband connections are
> susceptible.  I'm guessing not.

Well I don't know how the MMDS system works exactly.  Guess I should
look into it.  However most if not all of the wireless things have proven
less than stellar in their security view.   I would be at least minimally
paranoid about anything that is not in your direct control.  So that would
fall into whenever information is left from your box at home and your 
remote box.  That connection in between is always suspect.

> > That was how I originally got compromised.  I went down the same path that
> > you are with how to secure your box.  First I'll get ftp.. then I'll get
> > apache.. then I'll get ssh.. then I'll put a firewall up.  Wrong order..
> 
> Okay so now the order is ipchains, then ssh.  OpenSSH seems to be
> preferred.  But that means I'll have to put new software on any machine
> that needs to get to my site.  A small price, I guess, for security.

Just a suggestion from someone who was compromised.  Lock down the firewall
first.  Then start opening things up.  One service at a time.  That way
you can do snoops from outside (i.e. your remote box) to check the 
security.  Look at nmap and SATAN to run against yourself from your
remote box to check and confirm that you only opened the service that you
want and didn't accidentally open up something else.

ian
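
The outside-in check described in this message (lock the firewall down, open one service, then scan yourself from the remote box), as an added example that is not part of the original post: it parses saved `nmap -oG` (grepable) output and reports any reachable port that is not on the list of services you meant to open. The scan text is a constructed sample, `192.0.2.10` is a documentation address standing in for the home machine, and the `INTENDED` set is an assumption.

```python
"""Compare an outside-in nmap scan against the services you meant to expose."""

# Constructed sample of `nmap -oG -` output, as seen from the remote box.
# 192.0.2.10 is a documentation address standing in for the home machine.
SAMPLE_SCAN = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 21/closed/tcp//ftp///, 22/open/tcp//ssh///, "
    "23/open/tcp//telnet///, 111/open|filtered/udp//rpcbind///, "
    "6000/filtered/tcp//X11///\tIgnored State: closed (995)\n"
)

# Assumption: the only service deliberately opened so far is ssh.
INTENDED = {(22, "tcp")}

def parse_grepable(text):
    """Yield (host, port, proto, state, service) for every port entry."""
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines start with '#'
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue  # skip Status: and Ignored State: fields
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) < 5 or not parts[0].isdigit():
                    continue  # skip malformed entries rather than guess
                yield host, int(parts[0]), parts[2], parts[1], parts[4]

def audit(text, intended):
    """Return (unexpected, missing): reachable-but-unintended, intended-but-not-open."""
    unexpected, seen_open = [], set()
    for host, port, proto, state, service in parse_grepable(text):
        key = (port, proto)
        if state == "open":
            seen_open.add(key)
        # "open|filtered": nmap could not prove the port is blocked, so report it too
        if state.startswith("open") and key not in intended:
            unexpected.append((host, port, proto, state, service))
    return unexpected, sorted(intended - seen_open)

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_SCAN, INTENDED)
    for row in unexpected:
        print("UNEXPECTED %s %d/%s %s (%s)" % row)
    for port, proto in missing:
        print("NOT REACHABLE %d/%s" % (port, proto))
```

Rerun it after each service you open, adding that service to `INTENDED` first, so any other port that shows up stands out immediately.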



