RE: Was I hacked?: webmin note


Subject: RE: Was I hacked?: webmin note
From: Stefan Schneider (stefan.schneider@comsat.com.ve)
Date: Fri Aug 18 2000 - 09:11:01 MDT


A side note (considering that I have to work a lot with security) is that
most 1337 h4x0rz use precompiled rootkits and attacks (they seem to be lost
when they have to cross compile something) and few (none AFAIK but I might
be mistaken) rootkits are available in either Perl or native PPC, so you
might be safe from that point (someone breaks in, tries to rootkit you and
install an x86 binary, nothing happens), so sometimes I just fool my non-x86
machines by changing the OS version and hardware info.

Well, now for the real advice... it's a GOOD policy to always run some
filtering/firewalling software on your machines even if they're behind a
firewall. Why? As proven in BugTraq countless times, you can fool the
firewall if it's not properly secured, and sometimes a brute force attack
will suffice (FW-1 is a good example). I, for example, run my firewalls on
OpenBSD with ALL services disabled. If I need access to my firewall I'm
forced to go to the data center and pull a serial terminal to connect. No
GUI, no utils, no nothing (most of the disk space is used to store logs of
everything). If you're running a Linux firewall, use the same advice (no
services whatsoever) and run filtering software on your end machines. Also,
with AIX I use IKE tunnels between my machines in the internal network and
only allow tunnels between machines that need communication; that adds
another layer of security because all the TCP/IP connections will be
encrypted (UDP goes encrypted thru IPSec).

Hope this helps (Or enlightens)

Stefan
----- Original Message -----
From: Howard Shere <hshere@greendragon.com>
To: <yellowdog-general@lists.yellowdoglinux.com>
Sent: Thursday, August 17, 2000 11:33 PM
Subject: Re: Was I hacked?: webmin note

> > With the recent webmin discussion, it's only proper that I point out
> > that unless you installed the ssl perl module and are connecting to
> > webmin via https, it's also a security hazard for the same reason- the
> > user and password for webmin are broadcast plain text (it's fine,
> > though, if you only connect to webmin via 127.0.0.1). In order to use
> > webmin securely, install the ssl perl module, and set up webmin to
> > use it.
>
> Also, you can configure webmin to only allow connections from a specified
> IP range (say your server and office networks). This even excludes your own
> dialup IPs (if you are an ISP like us).
>
> We do this and we just have telnet turned off completely.
>
> With webmin installed there is very little need for an actual command
> line.
>
> _________________________________________________________________________
> Gridz 1.3 ---- www.gridz.com ---- NetSpace will never be the same again
> _________________________________________________________________________
> Howard Shere | Green Dragon Creations | Water Valley Interchange
> President | 301 N. Main St. | P.O. Box 70
> Software Sculptor | Water Valley, MS 38965 | Water Valley, MS 38965
> | hshere@greendragon.com | hshere@watervalley.net
> | www.greendragon.com | www.watervalley.net
> | 1-662-473-4225 | 1-662-473-9209
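
The two webmin points in the quoted messages above (use SSL unless you only connect via 127.0.0.1, and restrict the source IP range) can be checked mechanically. This is an added example, not part of the original thread or of webmin itself; it assumes the settings live in webmin's miniserv.conf under the key names `ssl`, `allow` and `bind`, and the sample file contents are constructed.

```python
import ipaddress

# Constructed samples in the key=value style of Webmin's miniserv.conf.
# The key names (ssl, allow, bind) are assumptions; they are not in the thread.
SAMPLE_WEAK = "port=10000\nssl=0\n"
SAMPLE_HARDENED = ("port=10000\nssl=1\n"
                   "allow=127.0.0.1 192.168.10.0/24 10.1.2.0/255.255.255.0\n")

def parse_conf(text):
    """Return the key=value pairs of the file, skipping blanks and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text, max_addresses=65536):
    """List findings for the two points made in the thread: SSL and source IPs."""
    conf = parse_conf(text)
    findings = []
    # The thread's exception: plain HTTP is fine when only 127.0.0.1 is used.
    loopback_only = conf.get("bind") in ("127.0.0.1", "::1")
    if conf.get("ssl") != "1" and not loopback_only:
        findings.append("ssl off: user and password cross the network in plain text")
    allow = conf.get("allow", "").split()
    if not allow and not loopback_only:
        findings.append("no allow list: any source address may connect")
    for entry in allow:
        try:
            # Accepts single IPs, CIDR and network/netmask notation.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"allow entry {entry!r}: not an IP or network, review by hand")
            continue
        if net.num_addresses > max_addresses:
            findings.append(f"allow entry {entry!r}: covers {net.num_addresses} addresses")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(text) or "no findings")
```
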


