Re: ProFTP security


Subject: Re: ProFTP security
From: Benjamin Karas (bjk4@po.cwru.edu)
Date: Wed Sep 29 1999 - 10:38:23 MDT


On Wed, 29 Sep 1999, Aaron Levitt wrote:

> [snip]
> > Also, on a related note, what's a good place to start learning about
> > basic to advanced network security? I am not looking to crack down on
> >users and system resources, I just want enough knowledge to track
> >attempts and exploits and handle them accordingly.
>
> Without a doubt, the best place to start (other than just reading
> news and advisories on various pages such as hackernewsnetwork.org,
> lopht.com, rootshell.org, slashdot.org to name a few good ones) is
> with a book called 'Maximum Security'. The author is anonymous. It
> shows network security from both sides of the network.

If you want the latest on all the exploits (including a symlink one for
ssh), you should read bugtraq, a mailing list hosted off of securityfocus.
As for tape drives, be sure you don't back up a backdoor. If you don't
know when things happened first, you might reintroduce a problem or
reintroduce software the cracker installed.

I would suggest running l5, an md5 checksum program, on all your really
important directories (/etc, /lib, /bin, /usr/local/bin, ...). Use shadow
passwords (pwconv) and check for bad passwords using crack. You can
enforce good passwords when they are entered using one of the many
programs available for that purpose. You might want to use SATAN, SAINT,
or BESS to check for security holes on your system. There are also a
number of network activity loggers and monitors that you might install.

On the real basics:
* Turn off extra services in /etc/inetd.conf (everything but ssh for
instance)
* Disable logins on non-active accounts
* Search for and check world-writable files and directories
* Search for and catalog your SUID programs (find / -perm -04000)

Paranoia is fun.

-Ben

>
> -Aaron
>
> /^\ ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
> \ /
> X "We have solutions, just not for your computer"
> / \ --Microsoft Tech Support
>
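
The baseline checks listed in the message above (MD5 checksums of important directories, a SUID catalog, a world-writable search), as an added example that is not part of the original message. It assumes GNU `md5sum` in place of l5; the function names and the state-directory layout are hypothetical.

```shell
#!/bin/sh
# Added example: baseline and drift check for the steps in the message above.
# Function names and the state-file layout are assumptions of this sketch.

# snapshot DIR...: "<md5>  <path>" for every regular file, sorted.
snapshot() {
    find "$@" -type f -exec md5sum {} + 2>/dev/null | sort
}

# suid_list DIR...: catalog of SUID programs (find / -perm -04000).
suid_list() {
    find "$@" -type f -perm -04000 2>/dev/null | sort
}

# world_writable DIR...: world-writable files and directories.
world_writable() {
    find "$@" \( -type f -o -type d \) -perm -0002 2>/dev/null | sort
}

# changed OLD NEW: paths modified, added or removed between two snapshots.
changed() {
    # A line present in only one snapshot means that file differs.
    sort "$1" "$2" | uniq -u | sed 's/^[0-9a-f]*  //' | sort -u
}

# new_entries OLD NEW: lines in NEW that are absent from OLD (both sorted).
new_entries() {
    comm -13 "$1" "$2"
}

# audit STATE_DIR DIR...: first run records a baseline, later runs report drift.
audit() {
    state=$1; shift
    mkdir -p "$state"
    snapshot "$@" > "$state/sums.new"
    suid_list "$@" > "$state/suid.new"
    if [ -f "$state/sums" ]; then
        echo "== changed, added or removed files"
        changed "$state/sums" "$state/sums.new"
        echo "== SUID programs not in the baseline"
        new_entries "$state/suid" "$state/suid.new"
        echo "== world-writable files and directories"
        world_writable "$@"
    else
        mv "$state/sums.new" "$state/sums"
        mv "$state/suid.new" "$state/suid"
        echo "baseline recorded in $state"
    fi
}
```

Call `audit` with a state directory followed by the directories to watch, once on a known-good system and again on each later check. Keep the state directory somewhere the monitored host cannot write to, so a changed baseline cannot hide a changed binary.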



This archive was generated by hypermail 2a24 : Fri Oct 01 1999 - 16:13:45 MDT