[Pipet Devel] new server up

Thomas.Sicheritz at molbio.uu.se Thomas.Sicheritz at molbio.uu.se
Fri Mar 19 03:13:50 EST 1999

 > > Tim has the idea...  I don't quite agree with Carlos's assesment of
 > > Red Hat's security flaws, but I don't think that matters if /etc/hosts.*
 > > files were set up properly and only SSH, port 80, and perhaps anonymous
 > > FTP were allowed from "unknown" hosts.
 > Okay.  We need someone to volunteer to be our anti-cracker.
 > Tim?  Carlos?  Dave?  Rahul?

I agree in RedHat being the least secure of all distributions - I switched
from Debian & RH to Suse on all of the departments and my personal
One of our fresh installes RH machines was on the net in 7 minutes before
the first successfull crack-in ... :-(

My policy here is
* restricted secure shell 
* if ssh is not an alternative: tcp_wrapper protected telnet/ftp
  and I do NOT close all ports - instead I wrapp/twist/fake them with tcp_wrapper
  so that we get a chance to notice any cracking attempts; read script kiddies
  (try to finger me at beagle.bmc.uu.se - I assure you we dont have users
  named fritz or bertram)
* of course ... no rsh.rcp, rhost etc.

My suggestion is to (at least) wrap all open ports directly in inetd.

I fear that I have to stop looking at python and the sequence editor for a
while ... to many meetings and to many unwritten thesises (=1) 


Sicheritz Ponten Thomas E.  Department of Molecular Biology
blippblopp at linux.nu         BMC, Uppsala University
BMC:  +46 18 4714214        BOX 590 S-751 24 UPPSALA Sweden
Fax   +46 18  557723        http://evolution.bmc.uu.se/~thomas
Molecular Tcl:   http://evolution.bmc.uu.se/~thomas/tcl
Molecular Linux: http://evolution.bmc.uu.se/~thomas/mol_linux

	De Chelonian Mobile ... The Turtle Moves ...

More information about the Pipet-Devel mailing list