[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] How secure are RAQ's out of the box?

Subject: Re: [cobalt-security] How secure are RAQ's out of the box?
From: "Kevin D" <kdlists@xxxxxxxxxxxxxxx>
Date: Mon, 24 Sep 2001 16:51:54 -0400
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> but I was just wondering if Cobalt takes any steps to tighten security
when
> creating the Cobalt/Linux OS for the RAQ's.

A quick list:
-stop all unnecessary services
-use ssh instead of telnet
-install SSL on your home site so that when you log into the GUI, username
and password pair are encrypted
-use intrusion detection /monitoring software (fcheck, snort, logcheck, etc)

Lots of people will tell you to use portsentry, but I would advise against
this (possible DoS, performance hit).

> (And believe me, not all customers know what their doing, and do
> upload vulnerable cgi scripts.)

#1 source of problems, especially spam. Monitor your CGI traffic carefully.

> I know, I know, Cobalt's are probably really made for ease of
> use/administration, and the price to pay for user friendliness is flawed
> security.

I wouldn't say flawed, but port 81 running apache as root is a bit scarey.
If you aren't letting customers access the GUI, filter port 81 at your
router/firewall.

Kevin

References:
- [cobalt-security] How secure are RAQ's out of the box?
  - From: Ervin Tarkhanian

Prev by Date: Re: [cobalt-security] How secure are RAQ's out of the box?
Next by Date: Re: [cobalt-security] NAT Question
Previous by thread: Re: [cobalt-security] How secure are RAQ's out of the box?
Next by thread: RE: [cobalt-security] How secure are RAQ's out of the box?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index