[CLUE-Tech] enabling ftp

Match Grun match at dimensional.com
Sat Mar 17 17:51:22 MST 2001


Roger,

You ABSOLUTELY MUST DISABLE Telnet. Don't even use it. It uses cleartext
for everything. Switch over to SSH, even behind the firewall... leads to
good habits.

I was talking to an ex-coworker who had DSL with 6 IP static addresses
allocated to him. He thought it was great. He allocated an IP to each
machine he had. I pointed out to him that he would have to manage security
for each machine. Recently he installed Linux on one of these computers.
Someone hacked in and destroyed his machine. When asked, did you leave
Telnet enabled... he replied Yes. Anyway, he now has a Linksys
firewall/router with all machines behind this.

I am also using the same Linksys firewall behind DSL. This works great. It
has a web interface for management. I have port forwarding enabled for
HTTP and SSH. I only let in FTP on demand.

Match

rfrank wrote:
> 
> On Saturday 17 March 2001 08:49, Ian  wrote:
> > I can't say this enough.  TURN OFF FTP ASAP!!!!
> 
> Okay I disabled ftp (but not telnet).  I commented out the lines for
> ftp and ftp.data in /etc/services.  Is telnet as risky?  I guess with ssh
> I don't need either one of them.
> 
> > Especially since you're on a cable modem (Road Runner?).  It is amazingly
> > easy to snoop on the Cable modem network to capture cleartext login
> > passwords.
> 
> I'm on Sprint Broadband service.  I've heard that cable modems are
> easily snooped, but I haven't heard if wireless Broadband connections are
> susceptible.  I'm guessing not.
> 
> > That was how I originally got compromised.  I went down the same path that
> > you are with how to secure your box.  First I'll get ftp.. then I'll get
> > apache.. then I'll get ssh.. then I'll put a firewall up.  Wrong order..
> 
> Okay so now the order is ipchains, then ssh.  OpenSSH seems to be
> preferred.  But that means I'll have to put new software on any machine
> that needs to get to my site.  A small price, I guess, for security.
> 
> Roger Frank
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech


