Open Ports for Linux (was a very different topic)

Stephen Smoogen smoogen at lanl.gov
Tue Aug 26 03:06:09 UTC 2003


I would say that people who are interested in this problem should look 
at offering patches. Looking over the list in /etc/rc.d/rc.sysinit the 
proper runtime level for people who want complete lockdown is RunLevel 2 or 
configuring 4 to be that.

Depending on a firewall as the only protection is not a solution. There 
are too many people who probably will turn off RH firewalls because the 
one in 8 and 9 broke too many NFS etc. environments.

Also a complete audit of portmap should be in order because it has had a 
long history of problems. [That may be a bit hard as it seems to have 
been written by Wietse Venema, but the readme hasn't been touched since 
1996 so bit rot may have occurred.]

XFree86 should have stronger protection than just the firewall. Having 
it only listen locally with the best practices of using SSH to 
forward connections would seem to be best.

On Mon, 25 Aug 2003, Lamar Owen wrote:

>On Monday 25 August 2003 14:39, Steve Dickson wrote:
>> Firewalls are the best way to deal with network security.... and there
>> is no system configuration that we can do to change that fact...
>
>Security is not so one-dimensional to fall to a one-dimensional solution.
>

-- 
Stephen John Smoogen            smoogen at lanl.gov
Los Alamos National Labrador  CCN-5 Sched 5/40  PH: 5-8058
Ta-03 SM-261  MailStop P208 DP 17U  Los Alamos, NM 87545
-- So shines a good deed in a weary world. = Willy Wonka --
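
An added example, not part of the original message: one way to check the points raised above (portmap and X listening beyond the local machine) without relying on a firewall. It assumes the output format of `ss -tuln` from iproute2; the sample input is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      5      *:6000             *:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      100    [::1]:25           [::]:*
tcp   LISTEN 0      64     192.168.1.10%eth0:2049 0.0.0.0:*
"""

# Services the message singles out: portmap (111) and X11 displays (6000-6063).
WATCHED = {111: "portmap"}
WATCHED.update({6000 + n: f"X11 display :{n}" for n in range(64)})


def is_loopback(host):
    """True only when the bind address is confined to the local machine."""
    host = host.split("%", 1)[0].strip("[]")  # drop %iface scope and brackets
    if host == "*":                            # wildcard bind, all interfaces
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                           # unparsable: report it, not hide it


def exposed_listeners(ss_output):
    """Return (proto, host, port, label) for sockets reachable off-host."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "udp"):
            continue                           # header or unrelated line
        host, _, port = fields[4].rpartition(":")
        if not port.isdigit() or is_loopback(host):
            continue
        port = int(port)
        found.append((fields[0], host, port, WATCHED.get(port, "other")))
    return found


if __name__ == "__main__":
    for proto, host, port, label in exposed_listeners(SAMPLE):
        print(f"{proto:4} {host}:{port:<6} {label}")
```

On a live system, feed the function the text of `ss -tuln` instead of `SAMPLE`; a line labelled portmap or X11 display means that service is bound to a non-loopback address.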
