Re: open ports question (nmap scan)

From: John Thompson (john_at_vector.os2.dhs.org)
Date: 07/18/05

    Date: Mon, 18 Jul 2005 03:05:08 GMT
    
    

    On 2005-07-17, Proteus <nospam@nowhere.net> wrote:

    > I am a newbie at linux security, could use some mentoring on a basic
    > question-- what do some of the open ports (services) below (from running
    > nmap) belong to (i.e., are they valid or should they be closed somehow and if
    > so HOW?). I understand ssh and ipp, but I have no idea what sunrpc,
    > hp-alarm-mgr, unknown (self explanatory I guess, but should it be kept
    > open?), and snet-sensor-mgmt are. This is a home office PC with a LAN and
    > Linksys router. Running Mandrake Linux 9.2. I do use SSH so I want that
    > open.

    If you don't know what the port is open for, you may as well shut it down.
    If that breaks something, re-enable it and check the program that broke
    to make sure you've secured it properly.

    > Related to this, if a port like 22 must be open for SSH, wouldn't a cracker
    > know to use that port, what would stop a cracker from getting in through
    > that or any other open port?

    There are a number of ways to secure open ports without disabling the
    services behind them. First, make sure you stay up to date on those
    services by tracking the security lists. Maintain a secure password
    policy -- no dictionary words, enforce password expiration, etc. Some
    programs, e.g. sshd, can be configured to only accept connections for
    certain users, or to use keys instead of passwords. This severely restricts
    what a cracker can do. Use tcp-wrappers and xinetd where possible to
    restrict ip addresses from which connections can be made. Use iptables to
    configure your firewall.

    -- 
    John (john@os2.dhs.org)
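
An added example, not part of the original post: a shell check for the two sshd restrictions the reply names (connections only for certain users, keys instead of passwords), using the OpenSSH keywords `AllowUsers` and `PasswordAuthentication`. The function names, user names and sample configs are constructed for illustration.

```shell
# Effective global value of sshd_config keyword $2 in file $1.
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively; "Match" blocks are conditional, so parsing stops there.
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Check the two sshd restrictions from the reply; returns 1 if either is missing.
audit_sshd() {
    cfg=$1; rc=0
    pw=$(sshd_effective "$cfg" PasswordAuthentication | tr 'A-Z' 'a-z')
    # OpenSSH accepts passwords by default when the keyword is unset.
    if [ "${pw:-yes}" != "no" ]; then
        echo "WEAK: password logins accepted (PasswordAuthentication not 'no')"; rc=1
    else
        echo "OK: PasswordAuthentication no"
    fi
    users=$(sshd_effective "$cfg" AllowUsers)
    if [ -z "$users" ]; then
        echo "WEAK: no global AllowUsers line, logins not limited to named users"; rc=1
    else
        echo "OK: AllowUsers $users"
    fi
    return $rc
}

# Constructed sample configs (not taken from any real host).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/weak" <<'EOF'
Port 22
#PasswordAuthentication no
Match Address 192.168.1.0/24
    AllowUsers alice
EOF
cat > "$SAMPLES/hardened" <<'EOF'
Port 22
passwordauthentication no
PasswordAuthentication yes
AllowUsers alice bob
EOF
for f in weak hardened; do
    echo "== $f"; audit_sshd "$SAMPLES/$f" || true
done
```

The weak sample fails both checks because its only `PasswordAuthentication` line is commented out and its `AllowUsers` line applies only inside a `Match` block; the hardened sample passes because the first `passwordauthentication no` line takes effect and the later `yes` is ignored.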
    
