Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 3 Feb 1998 21:37:05 +0000
From:      "bahwi" <bahwi@cityscope.net>
To:        sporkl@dti.net
Subject:   Re: Security
Message-ID:  <199802040345.VAA06148@cs1.cityscope.net>
In-Reply-To: <Pine.BSF.3.96.980203222617.5335A-100000@mental>

next in thread | previous in thread | raw e-mail | index | archive | help
> If I were to let other people have telnet access to my machine, what
> would be a prudent number of security precautions to take?

Big question. (IMO)

1. Change the root password weekly, or every couple of days.

2. Disable the r* services, don't let people do that to you.

3. Shadow the password file(Can you do that in FreeBSD? I wonder)

4. Run a password cracking utility on YOUR own password file(NEVER on someone 
else's without their written permission) Make sure your users don't have simple 
passwords. Even the best security on a password file cannot prevent someone 
else from getting the file.

5. Check out http://www.rootshell.com/ and find everything you can.

6. Diallow rlogin and rsh and the other r* services.

7. Runs COPS(a port is available) and SATAN(SANTA for those who find it 
offensive)

8. Become Paranoid.

Perhaps I overdid it a bit, but I am paranoid without running a server(yet). 
Hope this helps.
-bahwi
email- bahwi@technologist.com
ICQ Name: bahwi                 UIN: 3328936
iChat Name: bahwi
-EOF



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199802040345.VAA06148>