[oclug] knark attack
Tom Goulet
tomg at nova.yi.org
Wed Jan 17 21:45:05 EST 2001
>(http://www.sans.org/newlook/resources/IDFAQ/knark.htm) to build and use
>static kernels that do not take advantage of loadable kernel modules. In
>such an environment, knark and similar LKM's are
>useless. Do you also recommend that?
Well, no. A cracker just shouldn't get that far.
>- web server
Apache is very secure. If you want to feel more comfortable, disable
suexec and CGI.
>- mail server (pop+smtp)
POP uses plain text passwords, therefor it's insecure no matter what you
do to it. (There are some encryption solutions to this, but I've never
seen them used.)
Qmail, Postfix and Exim seem to be reasonably secure MTAs, but keep an
eye on those updates.
>- telnet
Also a no-no, use SSH: http://www.openssh.com/
>- Remote X access (such as Vnc)
Use SSH. SSH has some built in stuff to allow for X11 session
tunnelling over the encrypted stream.
>- Oracle 8i
If Oracle must listen to a TCP port, have it bind to 127.0.0.1 or
firewall out the port to be safe.
>- X
More SSH.
>Could anyone walk me thought the steps, as this is the first time I have to
>secure a production machine?
What distribution and version do you have? I should be able to point
you to the packages you need.
TomG
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://tux.oclug.on.ca/pipermail/oclug/attachments/20010118/7f10350b/attachment.bin
More information about the OCLUG
mailing list