Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
You're still vulnerable to an attack of some kind. All a hacker needs is 1 open port to do something. The only way not to get your box hacked is to have any open ports. But, I know that would be no fun. By closing up all unused ports it makes it more secure, but not totally secure. A DoS attack or some other attack could still be performed. You should go to Red Hat's site and some other security related sites and look for patches or read up on how to secure your box better. In my mind, nobody is TOTALLY secure, even if they think they are, they probably aren't...
Ok, I agree with everything you said, but there's got to be some way to secure mail and web with just standard OS services because they are ports that have to be open to the whole world. When it comes to telnet, ftp or even pop3, they can be controlled by allowing access to certain users connecting from certain sites with no problem using a standard filter firewall. I don't think there is a good firewall that can filter traffic on port 80 or 25 and block hackers. This should be done by the service itself, not the firewall. I doubt if big companies' web sites are behind firewalls which filter http and smtp traffic all day long... Probably not, maybe just monitored closely and in the event of an attack they will restore it quickly. I myself did not lose anything due to the hack because I had a good backup system running which allowed me to bring it back as before the attack in less than 30 minutes.
I think sometimes a firewall can make even more problems than you already have. It sometimes gives a hacker another program to exploit and gain access to the system. I also think big big companies don't need firewalls to be protected. An active admin that can monitor the system is sometimes good enough. Some companies are targets of attacks because their software makes them so vulnerable. It all depends on the system and what is being used, I think.
I think you can run open ports 25 and 80 with no problems if you get the latest patches for your OS. Whatever you do, good luck.
Any open ports are a security problem. A firewall merely does its job in closing most ports (by just being the machine in between it also provides just another bridge to cross), but if you open up any ports you do have to keep track of the security updates and vulnerabilities of the applications (i.e. services) running behind those ports....
For instance, check if you have the latest webserver running on your port 80 (with all patches installed, please also check things like perl and php if installed) and check your mailserver for vulnerabilities (patches and configuration). You might also check your mailserver at http://www.mail-abuse.org/
Nothing is completely secure. Every time there is a patch made for something, a cracker finds another thing to exploit. All you can do is lessen the possibilities that particular cracker has to get in.
Something to keep in mind also is that companies as a general rule seem to think they need all these services running, and that makes them quite vulnerable.
The regular Joe Blows out there don't need all these running, and are less likely to be hacked IF they close down those ports. And of course add a firewall.
Granted, a firewall can still be exploited, but again if they want in, they can eventually find a way. Just make it more difficult for them to do so.
BTW - One last thought for you to digest. Windows 2K and NT are very insecure despite their claims. There have been many news reports lately of damage to Windows-based PCs and security violations, and still only a few on Linux. And if the NSA is helping to make Linux secure, obviously they feel it has better chances than M$ crap.
As Linux becomes more widely spread you'll see the holes start showing up..
Till lately it has been of little interest to hack Linux as not many used it. Just wait and see..
It's no better no worse than Windows.
Just look at the BIND security hole that turned up last year (if I remember correctly)..
It's not like it's the most complicated piece of software, still it's needed on a server (DNS server, that is).
And then it has a flaw that leaves your server wide open.. FFS! The Lion Worm can take over your server and you won't even see what hit you till it's too late...lol
Format c:
"As Linux becomes more widely spread you'll see the holes start showing up.. "
Maybe so, but you will also see an almost instantaneous fix for these. I can guarantee you won't hear "this is a known security issue" as from M$ and have to wait for a future upgrade and pay for it as well.
"Till lately it has been of little interest to hack Linux as not many used it. Just wait and see.. "
Hmmm. Correct me if I am wrong, but Linux has always been a hacker's system. Hacking in my terminology being different to what script kiddies refer to as "hacking". Linux was created by hackers.
"And then it has a flaw that leaves your server wide open.. FFS! The Lion Worm can take over your server and you won't even see what hit you till it's too late...lol
Format c: "
I don't think anyone really "Format c:" on a server, do they? Usually the info is forwarded to an email addy somewhere.