[CLUE-Tech] enabling ftp
Cyberclops
Cyberclops at hawaii.rr.com
Sat Mar 17 13:42:19 MST 2001
And where can you find "tripwire" again is this for Linux too? I assume
it is.
ian wrote:
>
> On Sat, Mar 17, 2001 at 09:37:03AM -0700, rfrank wrote:
> > On Saturday 17 March 2001 08:49, Ian wrote:
> > > I can't say this enough. TURN OFF FTP ASAP!!!!
> >
> > Okay I disabled ftp (but not telnet). I commented out the lines for
> > ftp and ftp.data in /etc/services. Is telnet as risky? I guess with ssh
> > I don't need either one of them.
>
> Yeah.. Both of them send stuff in cleartext. It is very much worth the time
> to learn about the security implications of these tools.
>
> Another thing is look into tripwire to monitor your system or something
> similar like an IDS system. Just if your going to be always on the
> net.
>
> > > Especially since your on a cable modem (Road Runner?). It is amazingly
> > > easy to snoop on the Cable modem network to capture cleartext login
> > > passwords.
> >
> > I'm on Sprint Broadband service. I've heard that cable modems are
> > easily snooped, but I haven't heard if wireless Broadband connections are
> > susceptible. I'm guessing not.
>
> Well I don't know what how the MMDS system works exactly. Guess I should
> look into. However most if not all of the wireless things have proven
> less than stellar in their security view. I would be at least minimally
> paranoid about anything that is not in your direct control. So that would
> fall into whenever information is left from your box at home and your
> remote box. That connection in between is always suspect.
>
> > > That was how I originally got compromised. I went down the same path that
> > > you are with how to secure your box. First I'll get ftp.. then I'll get
> > > apache.. then I'll get ssh.. then I'll put a firewall up. Wrong order..
> >
> > Okay so now the order is ipchains, then ssh. OpenSSH seems to be
> > preferred. But that means I'll have to put new software on any machine
> > that needs to get to my site. A small price, I guess, for security.
>
> Just a suggestion from someone who was compromised. Lock down the firewall
> first. Then start opening things up. One service at a time. That way
> you can do snoops from outside (i.e. your remote box) to check the
> security. Look at nmap and SATAN to run against yourself from your
> remote box to check and confirm that you only opened the service that you
> want and didn't accidently open up something else.
>
> ian
>
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
More information about the clue-tech
mailing list