Re: open ports question (nmap scan)

From: John Thompson (john_at_vector.os2.dhs.org)
Date: 07/18/05

    Date: Mon, 18 Jul 2005 03:05:08 GMT
    
    

    On 2005-07-17, Proteus <nospam@nowhere.net> wrote:

    > I am a newbie at linux security, could use some mentoring on a basic
    > question-- what do some of the open ports (services) below (from running
    > nmap) belong to (i.e. are they valid or should they be closed somehow and if
    > so HOW?). I understand ssh and ipp, but I have no idea what sunrpc,
    > hp-alarm-mgr, unknown (self explanatory I guess, but should it be kept
    > open?), and snet-sensor-mgmt are. This is a home office PC with a LAN and
    > Linksys router. Running Mandrake Linux 9.2. I do use SSH so I want that
    > open.

    If you don't know what the port is open for, you may as well shut it down.
    If that breaks something, re-enable it and check the program that broke
    to make sure you've secured it properly.

    > Related to this, if a port like 22 must be open for SSH, wouldn't a cracker
    > know to use that port, what would stop a cracker from getting in through
    > that or any other open port?

    There are a number of ways to secure open ports without disabling the
    services behind them. First, make sure you stay up to date on those
    services by tracking the security lists. Maintain a secure password
    policy -- no dictionary words, enforce password expiration, etc. Some
    programs, e.g. sshd, can be configured to only accept connections for
    certain users, or to use keys instead of passwords. This severely restricts
    what a cracker can do. Use tcp-wrappers and xinetd where possible to
    restrict IP addresses from which connections can be made. Use iptables to
    configure your firewall.

    -- 
    John (john@os2.dhs.org)
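
The sshd restrictions named in the reply above (connections only for certain users, keys instead of passwords), as an added example that is not part of the original post: a shell check of the global section of an sshd_config. The function names and the sample config are constructed for illustration; AllowUsers, AllowGroups, PasswordAuthentication and PubkeyAuthentication are real sshd_config keywords.

```shell
#!/bin/sh
# Added example (not from the original post).

# effective_value FILE KEYWORD DEFAULT
# sshd keywords are case-insensitive and the FIRST value found is the one
# used, so a later "PasswordAuthentication no" does not override an earlier
# "yes". Parsing stops at the first Match block (conditional overrides are
# not evaluated). Only the whitespace-separated "Keyword value" form is
# handled; a "Keyword=value" line is treated as absent, which errs on the
# side of reporting a finding.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }          # comment or blank line
        tolower($1) == "match" { exit }         # end of global section
        tolower($1) == key {
            $1 = ""; sub(/^[ \t]+/, ""); found = 1; print; exit
        }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: print one line per finding, return their count.
audit_sshd_config() {
    findings=0
    if [ "$(effective_value "$1" PasswordAuthentication yes)" != "no" ]; then
        echo "WARN: password logins accepted (PasswordAuthentication is not 'no')"
        findings=$((findings + 1))
    fi
    if [ "$(effective_value "$1" PubkeyAuthentication yes)" = "no" ]; then
        echo "WARN: key logins disabled (PubkeyAuthentication no)"
        findings=$((findings + 1))
    fi
    if [ -z "$(effective_value "$1" AllowUsers "")" ] &&
       [ -z "$(effective_value "$1" AllowGroups "")" ]; then
        echo "WARN: no global AllowUsers/AllowGroups allow-list"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the lowercase "yes" comes first, so it wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sshd_config
Port 22
passwordauthentication yes
PasswordAuthentication no
Match Address 192.168.1.0/24
    AllowUsers john
EOF
audit_sshd_config "$sample" || echo "findings: $?"
```

On a live system, `sshd -T` prints the effective configuration as sshd itself parses it and is the authoritative check.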
    
