Message-ID: <19991027172950.B17924@best.com>
Date: Wed, 27 Oct 1999 17:29:50 -0700
From: "Jan B. Koum"
To: "Jean-Pierre H. Dumas", FreeBSD-Security@FreeBSD.ORG
Subject: Re: Security tests

On Tue, Oct 26, 1999 at 04:36:35PM +0200, "Jean-Pierre H. Dumas" wrote:
>
> Then I installed Nessus 0.98.3 on a SuSE Linux 6.2
> (I could not build it, or run it on FreeBSD, I tried
> to use the port and it failed in a way I don't
> understand) and I did the scan of the server.
> No big deal, the biggest problem
> being that telnet is still the way to connect from
> a Windows client. Sniffers are only a very remote
> possibility in our context. (I have to check about
> ssh, but it is not done yet.)

Do it then. Hurry up. SSH is Jesus! :)
Really though -- there are plenty of good ssh clients for Windows
out there. I'd myself recommend SecureCRT 2.4 from VanDyke.
Best way to convert people to use ssh over telnet is to turn
off inetd! Trust me.

> Question: What can I do more to have a realistic
> report about this server's security?

From outside run nmap (http://www.insecure.org/nmap) against
your machine to see what is open. Close everything but ssh port and
whatever else you need open (http, pop3, etc.)

> Are there any other scanners or whatever that I can get
> and run, either from within the server, or from
> outside (I have a FreeBSD 3.2, Linux and Windows 95
> machine on the Ethernet)

See above. You can run nmap from linux against freebsd. There
are many commercial and freeware scanners out there for Windows.

-- yan
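
Added example, not part of the original message: one way to turn the "scan from outside, then close everything but ssh and what you need" advice into a repeatable check is to compare nmap's grepable output (`-oG`) against an allowlist. The allowlist, the function names and the sample scan (using the documentation address 192.0.2.10) are assumptions constructed for illustration.

```python
# Added example: audit nmap grepable (-oG) output against a port allowlist.

# Assumption: the services this server is meant to expose (ssh, http, pop3),
# following the reply's "ssh port and whatever else you need open".
ALLOWED = {("tcp", 22), ("tcp", 80), ("tcp", 110)}

# Constructed sample of `nmap -oG -` output; not taken from a real scan.
SAMPLE_SCAN = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, "
    "23/open/tcp//telnet///, 80/open/tcp//http///, 110/open/tcp//pop3///, "
    "111/filtered/tcp//sunrpc///, 513/open/tcp//login///\t"
    "Ignored State: closed (993)\n"
)


def open_ports(grepable):
    """Yield (host, proto, port, service) for every port nmap reports as open."""
    for line in grepable.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines such as "# Nmap scan initiated ..."
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) >= 5 and parts[1] == "open" and parts[0].isdigit():
                    yield host, parts[2], int(parts[0]), parts[4]


def unexpected(grepable, allowed=ALLOWED):
    """Return open ports that are not on the allowlist, sorted by port."""
    return sorted(
        (port, proto, svc, host)
        for host, proto, port, svc in open_ports(grepable)
        if (proto, port) not in allowed
    )


if __name__ == "__main__":
    for port, proto, svc, host in unexpected(SAMPLE_SCAN):
        print(f"{host}: close {port}/{proto} ({svc or 'unknown'})")
```

Ports reported as filtered or closed are skipped, so the result lists only services that actually answered the scan and are not meant to be exposed.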