[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Re:Securing RAQ3
- Subject: Re: [cobalt-security] Re:Securing RAQ3
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Fri, 28 Dec 2001 23:11:39 +0100
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Bob,
> I believe it is working, I can no longer telnet in with the default telnet
> app that comes with MS-OS's.
>
> I can login with Putty with no problems.
Then it looks like you're all set in that regards.
> Now time to secure FTP?
Perhaps. FTP is awful as well as it sends usernames and passwords in plain
text.
You could of course disable FTP altogether and tell your customers to use
"scp" instead. It's part of SSH (with the OpenSSH-package you installed it as
well) and is basically a "secure copy".
There is a neat Windows-Client available for free which looks and feels
(almost) like WS_FTP. But it uses SSH / scp instead to copy files in an
SSH-encrypted fashion to (or from) the server.
WinSCP is available at this URL: http://winscp.vse.cz/eng/
> Also, I have been searching the archives and have come across lots of
> discussions about ipchains, is it a good idea to install ipchains?
By all means. It's a nice way to block ports, IP-addresses, entire subnets
and undesired protocols. But once it is installed and *before* you use it you
should take special care to read up on the ipchains documentation. It's easy
(and embarassing) to lock yourself out of the machine. Happened to me more
than once. ;o)
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer