Re: Hardening an old Ultrix server
From: Nick Hilliard (nick_at_foobar#delete2email#.org)
Date: 05/23/03
- Next message: phn_at_icke-reklam.ipsec.nu: "Re: Hardening an old Ultrix server"
- Previous message: Tom Ivar Helbekkmo: "Re: Hardening an old Ultrix server"
- In reply to: Jacques Bourdeau: "Hardening an old Ultrix server"
- Next in thread: Jacques Bourdeau: "Re: Hardening an old Ultrix server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 23 May 2003 12:12:01 +0100
Jacques Bourdeau wrote:
> I have to improve the security of an old Ultrix server. The first
> thing I have to change is the old password file. Passwords are still
> in /etc/passwd and readable by every one.
/etc/passwd and telnetd are just the beginnings. Ultrix is based on BSD
from the 1980's, which is truly ancient and is riddled with security
holes. Virtually every daemon and setuid executable is vulnerable to
stack smashes and a bunch of other well-known security problems which
have been documented throughout the years. You cannot make it secure in
any real sense.
Unless you need to run Ultrix for specific reasons (binary compatibility
and so forth), you would be much better to run some other operating
system on the box, like openbsd or netbsd. If you must run it, hide it
well behind firewalls, or if feasible, disconnect it from the net
completely.
Nick
- Next message: phn_at_icke-reklam.ipsec.nu: "Re: Hardening an old Ultrix server"
- Previous message: Tom Ivar Helbekkmo: "Re: Hardening an old Ultrix server"
- In reply to: Jacques Bourdeau: "Hardening an old Ultrix server"
- Next in thread: Jacques Bourdeau: "Re: Hardening an old Ultrix server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
