March Meeting Presentations

George Toft plug-discuss@lists.plug.phoenix.az.us
Mon, 11 Mar 2002 18:32:48 -0500


What caught my attention was it was running KDE, implying runlevel 5.
No need to have gpm running in runlevel 5.  Yes it was minor, but
so is having the iPlanet splash page on a URL in a corporation.  It
is not a problem per se, but indicates a lack of attention in the
configuration of a machine, which makes it an easier target.

Next was portmapper and sendmail.  Having sendmail indicates this is 
a mail server.  I shy away from having portmapper (or any r* services)
on any server w/o a good firewall or two between it and the Internet.

My philosophy is that no machine should rely solely upon a firewall for
protection - they should be able to stand alone for a short period
of time in case the firewall is compromised.  You do have an Intrusion
Detection System on your firewall, right?  IMHO, those $100 appliances
that Linksys sells are good for the average home user, but for us
more informed Linux weenies, we should set up a better firewall that
includes an IDS.  Another opinion: no workstation should accept
traffic sent to it unless that traffic is a response to something it
initiated.  Third opinion: no production server should be used as a 
workstation.

Regards,

George




"John (EBo) David" wrote:
> 
> George Toft wrote:
> >
> > "John (EBo) David" wrote:
> > >
> > > George Toft wrote:
> > > >
> > > > Hi John,
> > > >
> > > > Post a ps and let the group dissect it.
> > >
> > > Ok... See appended:
> > >
> > >   EBo --
> > >
> > > ps: next time I notice the odd stuff happening I'll post again.
> > >
> >
> > This machine is not connected to the Internet without a
> > firewall, is it?
> 
> supposedly there is one, but I seriously doubt its effectiveness as I
> have no control over it and I have some reason to question it (like the
> hundreds of CR hits a day my HTTPD server had when I had it up -- which
> BTW I may need to bring back up again)...
> 
> > Please say it isn't.
> 
> That bad huh.  I'm curious about your reaction though....
> 
> A little time back I switched from SuSE (which I had a much better
> handle on) to RH due to what I considered a lack of support from SuSE.
> So, this machine has not been up long in this configuration -- basically
> being a fairly new install.
> 
>    EBo --