Re: Can allowing ftp compromise security?

From: "Dave Millen" <postmaster@[127.0.0.1]>
Date: Thu, 10 Apr 2003 17:33:23 +0100

On Sun, 06 Apr 2003 14:42:45 +0000, B. Joshua Rosen wrote:

> On Fri, 04 Apr 2003 01:08:41 -0500, S.V.Proff wrote:
>
>> Hello:
>>
>> Ever since somebody broke into my Linux last year I am leery of leaving
>> any ports open on my router.
>>
>> However, I am wondering if leaving port 21 open for ftp access would
>> really make my RedHat Linux box vulnerable.
>>
>> Any comments? Any suggestions to make it secure?
>>
>> Thanks!
>>
>>
>> Sam
>>
>>
>> (My e-mail address is spam proofed, please post your replies here,
>> e-mails to me will bounce.)
>
> If you want to access your box from the outside why don't you use SSH instead?
> SFTP does everything that FTP does but it does it using an encrypted
> channel. I have all my ports closed except for SSH. I require RSA
> authentication so that it's impossible for someone to access my box by
> guessing passwords.

Plus, by adding a user specifically for ssh logins, such as Lb5dT87s or
some similar garbage, and then adding the following two lines to
/etc/ssh/sshd_config you can make it even more secure and difficult to
crack:

PermitRootLogin no
AllowUsers Lb5dT87s

Regards,
Dave

-- 
Microsoft Scandisk
------------------
Because your computer was not properly shut down, one or more
of your drives may contain errors.
To avoid seeing this message again, shut down your computer 
by selecting 'Shut Down' from the 'Start' menu and leave it 
switched off.
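
Added example, not part of the original post: a small audit of an sshd_config against the setup described in this thread (the two directives from the reply, plus key-only logins as in the quoted message). It assumes key-only login is expressed with the sshd_config keyword PasswordAuthentication, which the thread does not name; the sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample (not from the post); only the account name and the two
# directives listed in the reply come from the thread.
SAMPLE_CONFIG = """\
Port 22
permitrootlogin no
PasswordAuthentication no
AllowUsers Lb5dT87s
PermitRootLogin yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

def parse_sshd_config(text):
    # sshd keeps the first value it reads for a single-valued keyword, so later
    # duplicates are ignored; AllowUsers lines accumulate; keywords ignore case.
    global_opts, overrides, in_match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":
            in_match = value          # everything after this is conditional
        elif in_match is not None:
            overrides.append((in_match, key, value))
        elif key == "allowusers":
            global_opts.setdefault(key, []).extend(value.split())
        else:
            global_opts.setdefault(key, value)
    return global_opts, overrides

def audit(text, expected_user):
    # Report deviations from the setup described in the thread.
    opts, overrides = parse_sshd_config(text)
    findings = []
    if opts.get("permitrootlogin", "").lower() != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    if opts.get("allowusers") != [expected_user]:
        findings.append("AllowUsers is not limited to %s" % expected_user)
    if opts.get("passwordauthentication", "").lower() != "no":
        findings.append("PasswordAuthentication is not explicitly 'no'")
    for cond, key, value in overrides:
        if key == "passwordauthentication" and value.lower() != "no":
            findings.append("Match %s re-enables password logins" % cond)
    return findings

print(audit(SAMPLE_CONFIG, "Lb5dT87s"))
```

On the sample, the global settings pass (the later "PermitRootLogin yes" is ignored because the first value wins), and the only finding is the Match block that turns password logins back on for one address range.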

