[ale] AT&T Broadbrand and Linux
Thompson Freeman
tfreeman at intel.digichem.net
Thu Oct 5 11:53:41 EDT 2000
Off the top of my head (sort of) and admitting to not being a decent
security expert and expecting much better advice from others on the
list...
First - go into /etc/inetd.conf and comment out absolutely everything
which you don't need. From the sounds of it - that should shut down just
about everything. Red Hat activates bunches of everything by default.
Second - Hopefully somebody will mention the URL for a site which will
port scan your machine for you to check that what you thought wasn't
activated actually isn't. Or get a friend to do so for you.
Third - Any service which _must_ run from your box, get the tcp-wrappers
set up (Primarily /etc/host.allow & /etc/host.deny). As a precaution, deny
everything to everybody in host.deny.
As I understand it, getting this far means that you are now ready to enter
the archane world of ipchains and packet firewalls. There are an
assortment of HowTos and books and web sites. I'm partial to Zeigler's
"Linux Firewalls" from New Riders Press, but there are others. Zeigler's
web site is reputed to be good, but I don't recall the URL.
Hope this helps some.
On Thu, 5 Oct 2000, Chris Woodruff wrote:
> I thought I would share my experiences with the list. I had a cable
> modem installed from AT&T (formerly MediaOne) on Tuesday. The tech got
> it running with Win98 and it was simple. Loaded up a win32 firewall app
> and was enjoying speeds up to 1100k. I was told that next month AT&T
> will be doubling the bandwidths on the network to 3000k from 1500k. So
> then I went to work with getting Linux to work with the cable modem. I
> was using RH 6.2 but couldn't get the system to find my new ethernet
> card. So I downloaded the RH 7 iso's (thanks to the person at GaTech
> for the mirror), burned the CD's and reinstalled. I was amazed to find
> that after the install everything was working correctly. I have to
> recommend AT&T broadband. They seem to have really corrected the issues
> that MediaOne had.
>
> My question is now about security. What services do I shutdown to
> secure my system to stop any havoc from the outside? I have shutdown
> sendmail and httpd. Does anyone know of a good security site that will
> help?
>
> Thanks
>
> Chris Woodruff
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
>
--
===========================================
The harder I work, the luckier I get.
Lee Iocca
===========================================
Thompson Freeman tfreeman at intel.digichem.net
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list