On Sat, Sep 02, 2000 at 08:23:08PM -0500, Phil Brutsche wrote:
> A long time ago, in a galaxy far, far away, someone said...
>
> > Hi,
> >
> > I'm trying to secure my system, I ran pmfirewall and some tests.
> > It seems that rpc.mountd still listens on port 1024 even on the
> > outgoing ethernet.
...
> I would remove the nfs-server (or nfs-kernel-server, whichever you have
> installed) package. You don't need that package to connect to an NFS
> server; only if you're going to *be* the NFS server do you need it.

Okay, removed it.

> > local machine. In the end I also think of letting the firewall machine
> > act as a local mail and news server (is that deemed secure?).
>
> It can be a bad thing: I call having "too many" services on one system
> "too many eggs in one basket". I've seen situations in the past where an
> exploit in one piece of software will expose the entire system to the
> attacker, and let him/her gain access to all that computer offers.

Agreed, but... I only want to run it as a local service, not as a service
to the net. The reason being that my firewall is the only machine on 24/7,
so it seems the logical place to provide *local-only* services to my
localnet. But being new to this securing thingy I don't know whether such
a setup would compromise security, neither do I know how to disable
internet access to those services, and how rigidly that can be done.

I've a lot of reading to do :)

--
Regards,
carel