Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Re: Security matters: keep thy doors closed!

by Maclir (Curate)
on Jun 14, 2002 at 19:19 UTC ( #174699=note: print w/ replies, xml ) Need Help??


in reply to Security matters: keep thy doors closed!

A good general principal with security is to start from the premise "everything is proibited except that which I explicitly allow". This starts with your server. Whatservices does it run? The default stuff in inetd, straight out of the box?

We built our own firewall at the place that I use to work - there were two old Sun Sparcstation 10s (or 2s or some antique Sun hardware from the early 1990s) Each had on the motherboard an ISND port, which matched our (then) internet connection.

We installed Solaris 2.6.1 (I think), then went through all the rc.d scripts brutally. There were only three TCP/IP daemons running - apache, DNS and sendmail. Lots of controls on those to limit who could connect to them.

So, if your server physically cannot run may services that could pose a vulnerability, you are a few steps closer to a secure system.


Comment on Re: Security matters: keep thy doors closed!

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://174699]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (11)
As of 2014-07-22 21:00 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (128 votes), past polls