
List:       security-basics
Subject:    Re: no daemons listening and errata updates (secure or not?)
From:       tony barry <tony () no-bull ! co ! nz>
Date:       2006-07-31 19:50:42
Message-ID: 1154375442.2276.47.camel () minorhost ! localdomain

I assume as you are applying updates that you are using Fedora Core 5.
Just check that the firewall and SELinux are enabled, System /
Administration / Security Level and Firewall.


On Fri, 2006-07-28 at 22:51 +0800, Michael Boman wrote:
> On 7/28/06, sun sadm <sunsadm@gmail.com> wrote:
> > Hi colleague
> >
> > I am using Fedora Core as workstation. To lock down the OS, I disable
> > all network daemons: only dhclient is listening for network
> > connections. Furthermore I regularly update my installation using yum.
> > All other settings are out-of-the-box from Red Hat.
> >
> > Is my simple setup secure to be connected directly to the Internet?
> > Does an attacker have a chance to break my workstation? How high is
> > the risk? What can I do to improve the security? How would you break
> > into my system? Please show me vulnerabilities in my setup.
> >
> > Nico
> 
> There is always a risk of being compromised, but you are making good
> progress. I would put up an iptables firewall to make sure that no
> errant network service accidentally being enabled would compromise
> your security (you could investigate blocking outbound traffic too, if
> you are really paranoid). The rest is basically behavior: only run
> software that comes from good sources, beware of strangers etc....
> 
> If there is no service to break in to (and there is no nasty kernel
> bug you can exploit), the only way to get in to your system would be
> tricking you into opening it up in one way or another (browser/email
> client/other software you use exploits, get you to install trojaned
> software etc...).
> 
> Best regards
> Michael Boman
> 
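
Added example, not part of the original messages: a shell check for the setup discussed in this thread, confirming that nothing except the DHCP client is reachable from the network. It assumes the column layout of `ss -H -tuln` from iproute2; the function name `exposed_listeners` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Audit listening sockets: report anything bound to a non-loopback address
# on a port that is not explicitly allowed.
# Assumed input columns (ss -H -tuln):
#   Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Constructed sample input, not captured from a real host.
SAMPLE_SS='udp UNCONN 0 0 0.0.0.0:68 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 [::1]:25 [::]:*
udp UNCONN 0 0 [::]:5353 [::]:*'

# exposed_listeners "PORT PORT ..."
# Reads ss-style lines on stdin; prints "proto port address" for each socket
# that is not loopback-only and whose port is not in the allowed list.
exposed_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "Netid" { next }              # skip a header line if -H was not used
    NF >= 5 {
        # The port follows the last colon (IPv6 addresses contain colons too).
        port = $5; sub(/.*:/, "", port)
        addr = $5; sub(/:[^:]*$/, "", addr)
        gsub(/\[|\]/, "", addr)         # strip IPv6 brackets
        sub(/%.*/, "", addr)            # strip interface scope such as %lo
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only
        if (port in ok) next                         # expected service
        print $1, port, addr
    }'
}

# Allow only the DHCP client port (68/udp), as in the setup described above.
printf '%s\n' "$SAMPLE_SS" | exposed_listeners "68"
```

On a live system, replace the sample with `ss -H -tuln | exposed_listeners "68"`; any line printed is a service that a default-deny inbound iptables policy would otherwise have to cover.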
