Secure Server
Rick Stevens
ricks at nerd.com
Wed Aug 5 18:26:34 UTC 2009
T. Howell-Cintron wrote:
> Alejandro Rodriguez Luna wrote:
>> Hi all!!
>>
>> I just wanted ask about the security of services like ssh, dns, etc,
>> what is the best way to secure this services?, perhaps /etc/hosts.allow
>> and /etc/hosts.deny?, or perhaps with a superserver inetd or xined?,
>>
>> what's the difference among those way to secure the system?
>
> Although /etc/hosts.* is an easy method of restricting access to certain
> services I'd suggest using IPTables to control who has access to what,
> as it's universal and offers more granular control over your rules.
It should also be noted that applications must be compiled and linked
with tcpwrappers support if they are to use the /etc/hosts.* files.
iptables occurs at the kernel level, long before hosts.* could be
invoked anyway.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer ricks at nerd.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- "People tell me I look at the dark side. That's not true. I have -
- the heart of a small boy......in a jar right here on my desk." -
- -- Stephen King -
----------------------------------------------------------------------
More information about the users
mailing list