Web Host Directory Forums

View original thread:  how vulnerable will a system be?


jpham
If I wanted to set up a Linux box and disabled telnetting, how many other ways can people get in?
JTY
It depends a lot on what other software you're running.
bitel.biz
Heh, if you do regular updates it'll be the most secure of all OSes. If you want your server to be regularly hacked, install M$ Winblows. Even if you install Sun/Solaris, as those are known as very stable, they are usually very late with updates (3-6 months after exploits are released).
So, I would go for Linux or FreeBSD and I would subscribe to security mailing lists to be up-to-date when some bugs are discovered, or just subscribe to mail from the vendor of the OS.
Visit lists.insecure.org for security-related mailing lists.
jpham
Quote:
Originally posted by JTY
It depends a lot on what other software you're running.

ftpd and httpd and mail... Can people get access to db's and the sort from poorly written scripts?
JTY
I'll assume you want to run wu-ftpd, apache, and sendmail.

I would use proftpd instead of wu-ftpd, and postfix instead of sendmail.

And yes, if a script is poorly written, a person may be able to gain unauthorized access to a db, or your whole system.
Mr Chunder
There are two methods of attack - one is to hack in via a doorway and the other is to blast the server with rubbish packets in some attempt to crash the server - called a Denial of Service - DoS.

For the doorway business, it can be an open port on the server that some program running on the server is listening on, e.g. httpd will listen on port 80, ftpd on port 21, etc. If one of these programs has a vulnerability in it, a hacker will find it and attempt to get in.

To be really secure, you will need a hardware firewall where the port traffic can be controlled, but these do work out quite expensive. There are cheaper alternatives but they may not work as well.

As people say on this thread, keep up to date with bug reports of your chosen OS and all your chosen apps. Also, run a port scanner on your final setup to check that all is well.

Finally, I think that the comment that Microsoft will guarantee a hack is not totally fair and a little hard. M$ was really useless about security but recently, they have done much to tighten up IIS4 and IIS5 webservers so that these are now producing (apparently - according to press reports) fewer vulnerability reports than Linux - I have not counted them up recently myself.
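
An added example, not part of the original thread: a local check of which "doorways" are actually open, done by parsing the Linux /proc/net/tcp table and comparing listening ports against an expected set. The EXPECTED policy (ftpd 21, mail 25, httpd 80), the sample table and the function names are assumptions made for this illustration; IPv4 only, little-endian host assumed.

```python
import pathlib
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1004
   4: 0A00000A:0050 0B00000A:C350 01 00000000:00000000 00:00000000 00000000    33        0 1005
"""

TCP_LISTEN = 0x0A  # socket state code for LISTEN in /proc/net/tcp
# Assumed policy for the box discussed in the thread: ftpd, mail, httpd only.
EXPECTED = {21, 25, 80}

def listening_sockets(table):
    """Return (address, port) pairs in LISTEN state, sorted by port."""
    found = set()
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue                             # established etc. are not doorways
        hex_ip, hex_port = fields[1].split(":")
        # The address is hex in host byte order (little-endian assumed here).
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        found.add((ip, int(hex_port, 16)))
    return sorted(found, key=lambda s: (s[1], s[0]))

def audit(table, expected=EXPECTED):
    """Classify listeners: loopback-only, expected, or unexpected."""
    report = {"expected": [], "unexpected": [], "local_only": []}
    for ip, port in listening_sockets(table):
        if ip.startswith("127."):
            report["local_only"].append((ip, port))   # not reachable remotely
        elif port in expected:
            report["expected"].append((ip, port))
        else:
            report["unexpected"].append((ip, port))   # e.g. telnet left enabled
    return report

if __name__ == "__main__":
    proc = pathlib.Path("/proc/net/tcp")              # live table on a Linux host
    table = proc.read_text() if proc.exists() else SAMPLE
    for kind, socks in audit(table).items():
        print(kind, socks)
```

In the constructed sample, port 23 shows up as unexpected, which is the case where telnet was meant to be disabled but is still listening.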