Re: Security for SUN-Cluster 3.0/2.2 with OPS (8.1.7)

From: Fabrice Bacchella (fabrice.bacchella@synaptique.com)
Date: 11/03/01


Message-ID: <3BE421FB.27C4EA7A@synaptique.com>
Date: Sat, 03 Nov 2001 17:57:31 +0100
From: Fabrice Bacchella <fabrice.bacchella@synaptique.com>
To: Trevor Fiatal <trevor@fiatal.net>
Subject: Re: Security for SUN-Cluster 3.0/2.2 with OPS (8.1.7)


> * Compile and install the tcpwrappers package. Set up policies in hosts.allow
> for in.telnetd, in.ftpd, in.rshd, and sshd. Pay especially close attention to the
> private cluster networks for in.rshd access. Make sure hosts.deny is set
> up to deny everything else by default.

I always had a bad feeling about tcpwrappers; it can only protect a few
daemons, those running with inetd and those willing to do so. That's of
little use against a hacker, who will just try something else. Try
something like ipf instead; you can protect every service running on
your machine.

And there is no interest in running telnet, ftp, rsh and ssh at the
same time. Are you sure someone in your organisation will not one day use
telnet instead of ssh, just because he doesn't have ssh on his computer?
Just cut all those and dtlogin too. Ssh should be the only remote access
on your computer if you want it to be useful.


