Open Ports for Linux (was a very different topic)
Stephen Smoogen
smoogen at lanl.gov
Tue Aug 26 03:06:09 UTC 2003
I would say that people who are interested in this problem should look
at offering patches. Looking over the list in /etc/rc.d/rc.sysinit the
proper runtime level for people who want complete lockdown is RunLevel 2 or
configuring 4 to be that.

Depending on a firewall as the only protection is not a solution. There
are too many people who probably will turn off RH firewalls because the
one in 8 and 9 broke too many NFS etc environments.

Also a complete audit of portmap should be in order because it has had a
long history of problems. [That may be a bit hard as it seems to have
been written by Wietse Venema, but the readme hasn't been touched since
1996 so bit rot may have occurred.]

XFree86 should have stronger protection than just the firewall. Having
it only listen locally with the best practices of using SSH to
forward connections would seem to be best.

On Mon, 25 Aug 2003, Lamar Owen wrote:
>On Monday 25 August 2003 14:39, Steve Dickson wrote:
>> Firewalls are the best way to deal with network security.... and there
>> is no system configuration that we can do to change that fact...
>
>Security is not so one-dimensional to fall to a one-dimensional solution.
>
--
Stephen John Smoogen smoogen at lanl.gov
Los Alamos National Labrador CCN-5 Sched 5/40 PH: 5-8058
Ta-03 SM-261 MailStop P208 DP 17U Los Alamos, NM 87545
-- So shines a good deed in a weary world. = Willy Wonka --