[lug] I wish RH users would secure... (D. Stimits)

D. Stimits stimits at idcomm.com
Fri Apr 20 13:44:13 MDT 2001

Tom Tromey wrote:
> >>>>> "Nate" == Nate Duehr <nate at natetech.com> writes:
> Nate> Well using a combination of queso and other tools, OS
> Nate> fingerprinting is relatively easy to do.
> Thanks.

Yes, fingerprinting is easy to some extent. But even with
fingerprinting, telnet to various ports can say a *lot* about an
unsecured machine, or even partially secured machines.

> Nate> My personal opinion is that network services should be
> Nate> completely OFF by default.
> I'm told, but have not looked for myself, that this is much better in
> Red Hat 7.1.

I have Redhat 7.1 beta, and it is definitely more sane in its settings.
Especially not turning on services by default, along with having an
opportunity to run ipchains right at install, with default settings to
stop the outside world from coming in.

> I agree services should be off by default.  Back in the olden days
> this was my biggest complaint about SunOS -- it shipped with insecure
> defaults.
> Tom
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

More information about the LUG mailing list