On Sun, Nov 21, 1999 at 03:33:52PM -0800, Wellington Terumi Uemura wrote:
: 1 - How can we(linux community) make ftp,telnet and mail server,not to
: respond to a brute force attack?Like, give "3" chances for logins and
: passwords for all services.
If you're really serious, I'd start by doing the following:
1) inetd.conf: turn off rlogin/rsh/rexec/telnet/ftp/finger/linuxconf
* Use ssh/scp/sftp instead.
2) run ntsysv: turn off lpd/nfs/nfslock/portmap/routed/rusersd/rwhod
3) Install ssh.
* Get the openssl SRPM out of contrib/libc6/SRPMS rpm --rebuild,
then install the resulting RPMS
* Get the openssh SRPM from www.openssh.com, rpm --rebuild, then
install the resulting RPMS
4) Install some sort of one time password system
* s/key
* opie
* pam_opie.so
ftp://ftp.kernel.org/pub/linux/libs/pam/pre/modules/
5) Install ALL of the RH updates and keep up with them, as well as any
security updates from third party software you use.
: 2 - How can i protect my sistem against portscans,backdor scanners?
Install a firewall and intrusion detection. Monitor them both closely.
If cost is a large factor, consider adding firewall feature sets to your
router. IOS Firewall isn't all that much money.
: I know that is
: impossible to make 100% secure box but 90% will do great for me.
It's impossible to quantify your percentage of risk.
--
Jason Costomiris <><
Technologist, cryptogeek, human.
jcostom {at} jasons {dot} org | http://www.jasons.org/
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
