
RE: [cobalt-security] Ports safe to close?



Forget portsentry, it's a waste of time and resources in my opinion; it just creates useless noise. Remove all non-essential services, lock down access with IPChains (allow specific source IPs only for inbound ssh/ftp etc.) and place all those unwanted high-risk country TLDs in your hosts.deny file.

Once you have removed the non-essential services you should be left with just a handful of easy-to-monitor services that you can check are patched regularly. If you restrict inbound connections to ftp/ssh/whatever (as far as you can) using IPChains, that will also help you feel confident.

Then go and play with Nessus :-) nmap is lovely but also kind of useless in some ways. And never access your RaQ admin GUI unless you go straight to https first; all you have to worry about then is people attacking the switched environment, but that is probably out of your remit :( so not much to do there.

Oh, and don't put a RaQ online for even just 30 minutes without it being fully locked down. All this stuff about being hacked in less than a day is silly; it's more likely you will be hacked in less than an HOUR unless your box is secure.

Regards,

Adam Sculthorpe
Internet Security Consultant

"The important secret of war is to make oneself master of the communications"
Napoleon I, Maxims of War (1831)
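
The lockdown described in the message above, as an added example that is not part of the original post: a shell script that prints (without applying) ipchains allow-list rules for one service and the matching hosts.deny entries. The function names are hypothetical, and the source addresses, port and TLDs are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints ipchains rules and hosts.deny lines for review; applies nothing.
# All addresses, ports and TLDs used here are constructed sample values.

# valid_ipv4 ADDR: succeeds only for a dotted quad with each octet in 0-255
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# allow_rules PORT ADDR...: one ACCEPT per allowed source, then a logged DENY for the rest
allow_rules() {
    port=$1; shift
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    # Validate every source first so a typo never yields a half-written rule set
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    for src in "$@"; do
        echo "ipchains -A input -p tcp -s $src/32 -d 0.0.0.0/0 $port -j ACCEPT"
    done
    # -y matches only connection-opening SYN packets; -l logs each refused attempt
    echo "ipchains -A input -p tcp -y -d 0.0.0.0/0 $port -j DENY -l"
}

# deny_tlds TLD...: hosts.deny lines; a leading-dot pattern matches a hostname suffix
deny_tlds() {
    for tld in "$@"; do
        case "$tld" in ''|*[!a-z]*) echo "bad tld: $tld" >&2; return 1 ;; esac
        echo "ALL: .$tld"
    done
}

# Constructed sample: ssh reachable from two admin addresses only
allow_rules 22 192.0.2.10 198.51.100.7
deny_tlds example invalid
```

hosts.deny only covers services that run through TCP wrappers, and a leading-dot pattern is matched against the client's reverse-DNS name.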