
RE: [cobalt-security] How secure are RAQ's out of the box?



Ervin wrote:

> I'm pretty new to the *NIX world, being an NT guy for a 
> while.  I see the definite advantages of *NIX over NT,
> but I was just wondering how secure these Cobalts are
> out of the box (RAQ4).

Simple: like an NT4 or W2K server running IIS, or RedHat/SuSE/Mandrake/<your
favourite Linux flavour>, they're not at all secure right out-the-box.
There's a considerable amount of work to be done on most platforms which may
be used as Internet-facing servers before they should be parked in a
production environment... hence the large number of compromised machines on
the end of cable modems these days.

> But if anyone has some sort of guideline to secure RAQ4's
> (besides the latest patches), your comments are welcome and 
> appreciated.

Install an SSH server. Switch off unnecessary services (telnet, for one,
straight away). Install all Cobalt's patches, in order, right up to the
latest (after reading the Cobalt-Users list archive first!). Don't panic if
someone scans your IP addresses looking for vulnerabilities, since if you're
up-to-date you should be pretty much OK; besides, scans happen all the time
so you better get used to it. Also get used to perusing *all* your logfiles
for anomalous activity, or even better install something to do it for you
and drop you an email with the results.

Familiarise yourself with the use of ipchains for either blocking specific
IP addresses (although this has limited use, to be honest; I'll leave it to
you to figure out why) or for closing down services so they're only
available from specific IP addresses.

Last (but probably first!) buy yourself a good Linux administration book.
They're a godsend for command-line driving, IMO ;-)

Graeme
-- 
Graeme Fowler
System Administrator
Host Europe Group PLC
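
The advice above about using ipchains to close a service down to specific IP addresses, as an added example that is not part of the original post: a small generator that validates an allowlist and prints the matching rules for review. The port, the addresses and the function names `valid_source` and `restrict_service` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (never run) ipchains rules that leave one TCP service
# reachable only from listed sources. Addresses are constructed examples.

# valid_source ADDR: succeeds for dotted-quad IPv4 with an optional /0-32 suffix.
valid_source() {
    addr=${1%%/*}
    case $1 in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    case $addr in *[!0-9.]*) return 1 ;; esac   # also blocks shell metacharacters
    oldifs=$IFS; IFS=.
    set -- $addr                                 # split into octets
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# restrict_service PORT SOURCE...: one ACCEPT per source, then a logged DENY.
restrict_service() {
    port=$1; shift
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } ||
        { echo "bad port: $port" >&2; return 1; }
    [ $# -ge 1 ] || { echo "no allowed sources given" >&2; return 1; }
    # Validate every source first so a typo never yields a partial rule set.
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    # ipchains stops at the first matching rule, so the ACCEPTs must come first.
    for src in "$@"; do
        echo "ipchains -A input -p tcp -s $src -d 0.0.0.0/0 $port -j ACCEPT"
    done
    # Anything else aimed at the port is dropped and logged (-l) via syslog.
    echo "ipchains -A input -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 $port -j DENY -l"
}

# SSH only from one admin host and one office range (constructed values).
restrict_service 22 192.0.2.10 198.51.100.0/24
```

The printed rules are meant to be read before they are applied as root; keep an existing session open while testing so a wrong allowlist does not lock you out.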