[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] One weird HaQ... have you seen this..
- Subject: Re: [cobalt-security] One weird HaQ... have you seen this..
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Wed, 13 Feb 2002 12:23:13 -0800
- Organization: nobaloney.net
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Jeff Bilicki wrote:
> Suggestions:
> - When importing with CMU use the -p option so all the password will be
> changed, also change the default password in /etc/cmu/cobaltBase.xml
> (userPasswd).
Thanks for some great suggestions, Jeff. I'm a bit confused over what
the -p option does <frown>. Does it change all passwords to the value
of userPasswd?
I'll offer that as something for my client to deal with.
> - Disable all cgi, ssi, asp, jsp, fpx or any other scripting langauge.
Another great idea. I suppose we can start in this mode, but most of
the sites on this system are FP <frown>.
> - Run a sniffer detector on your network, to make sure he/she hasn't hack another
> box and is using it to sniff passwords.
> http://www.securiteam.com/tools/2GUQ8QAQOU.html
We've checked our systems for "promiscuous" mode and do so on a regular
basis already.
> - Put your own sniffer on the same subnet and log all traffic to the box.
That's a bit beyond me at the moment; I have a book I'll look it up in.
Good idea, though I'm not sure I'm the one who wants to wade through the
logs <wry grin>.
Again, thanks!
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA 92517
voice: (909) 778-9980 * fax: (702) 548-9484