[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Re:Securing RAQ3

Subject: Re: [cobalt-security] Re:Securing RAQ3
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Sat, 29 Dec 2001 09:54:03 -0800
Organization: nobaloney.net
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Michael Stauber wrote:

> You could of course disable FTP altogether and tell your customers to use
> "scp" instead. It's part of SSH (with the OpenSSH-package you installed it as
> well) and is basically a "secure copy".

While we don't turn off FTP, we recommend that clients use SCP to upload
files to their site.  If they don't, it's their password that gets
compromised, not ours <wry grin>.

> By all means. It's a nice way to block ports, IP-addresses, entire subnets
> and undesired protocols. But once it is installed and *before* you use it you
> should take special care to read up on the ipchains documentation. It's easy
> (and embarassing) to lock yourself out of the machine. Happened to me more
> than once. ;o)

Will you share your rules, Michael <smile>?  Pretty please <smile,
again>?????

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484

Follow-Ups:
- Re: [cobalt-security] Re:Securing RAQs - gShield adaption project proposal
  - From: Michael Stauber

References:
- [cobalt-security] Re:Securing RAQ3
  - From: Bob Cruz
- Re: [cobalt-security] Re:Securing RAQ3
  - From: Michael Stauber

Prev by Date: Re: [cobalt-security] Active System Attack Alerts
Next by Date: Re: [cobalt-security] Re:Securing RAQs - gShield adaption project proposal
Previous by thread: Re: [cobalt-security] Re:Securing RAQ3
Next by thread: Re: [cobalt-security] Re:Securing RAQs - gShield adaption project proposal

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index