Differences between version 11 and predecessor to the previous major change of SecurityNotes.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
Newer page: | version 11 | Last edited on Friday, October 22, 2004 9:22:50 am | by PerryLorier | Revert |
Older page: | version 10 | Last edited on Monday, August 23, 2004 1:28:03 pm | by PerryLorier | Revert |
@@ -7,9 +7,11 @@
!Basic Machine Security:
* Don't use protocols such as telnet or ftp between machines on an untrusted network such as the internet - these send usernames and passwords around in clear text. Anonymous ftp is OK - you don't give away your details. Instead look into ssh(1) (Secure Shell). This encrypts all data between the machines.
-* Don't run unnecessary services (called "daemons" in UNIX) that allow internet connections - some distributions turn these on by default. Examples are mail or news servers and printer daemon (lpd). If you want to see a list of the daemons running on your machine, at a command prompt type:%%%
netstat -apAinet%%%
(You'll need to do this as "root" to get all process information). The lines that say "LISTEN" means a daemon is waiting for connections on the specified TCP port. Don't forget to check your UDP ports too - all sorts of things can lurk there.
+* Don't run unnecessary services (called "daemons" in UNIX) that allow internet connections - some distributions turn these on by default. Examples are mail or news servers and printer daemon (lpd). If you want to see a list of the daemons running on your machine, at a command prompt type:
+
netstat -apAinet
+
(You'll need to do this as "root" to get all process information). The lines that say "LISTEN" means a daemon is waiting for connections on the specified TCP port. Don't forget to check your UDP ports too - all sorts of things can lurk there.
* Firewall your machine using iptables(8) (or possibly ipchains(8) or even ipfwadm(8) if you're on an older machine). Don't just deny that which you know you don't want - deny everything, then specifically allow what you want to be let in.
See also SecuringYourBox (or refactor it to here.)
@@ -19,6 +21,8 @@
!Wireless Network Security:
See WirelessNetworkSecurityNotes
+!See also:
+AdvancedSecurityNotes
----
CategoryNetworking