LinuxQuestions.org
Old 04-28-2006, 08:09 PM   #1
keysorsoze
Member
 
Registered: Apr 2004
Location: Queens, NY
Distribution: Red Hat, Solaris
Posts: 295

Rep: Reputation: 30
Securing machine that needs telnet and ftp


Hi! I need a solution for securing a Red Hat machine that requires telnet and ftp access. We are running the latest version of Red Hat Advanced Server and have telnet server running and ftp running. We cannot get rid of these services for secure protocols such as SSH or SFTP. Can anyone recommend a solution for hardening the server against attacks? My current setup is a Bastille hardening method but I don't feel it's very secure. Are there any other security tips that you Linux gurus have that can make my box less prone to break-ins?

Thanks.
 
Old 04-28-2006, 09:30 PM   #2
Linux.tar.gz
Senior Member
 
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,534

Rep: Reputation: 100
Really not a security expert, but:

-Read the logs.
-Use an intrusion detection system like snort.
-Use chroot.
-Use very strong passwords (e.g.: T\O1^d{&R5Re7...) and change them often (some people think it's not necessary).
-BSD secure levels are very, very powerful and easy to enable.
-You can limit IP logging with iptables.
 
Old 04-29-2006, 12:39 AM   #3
keysorsoze
Member
 
Registered: Apr 2004
Location: Queens, NY
Distribution: Red Hat, Solaris
Posts: 295

Original Poster
Rep: Reputation: 30
Hi! Thanks for the reply. One question though: should snort be installed on the telnet server itself or on a separate device?
 
Old 05-03-2006, 08:55 AM   #4
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
Telnet has no real vulnerability in itself; the only problem can be sniffing the traffic.
FTP, on the other hand, is a protocol full of features and as a result can open doors: discovery of hosts behind a NAT router, scanning other hosts by bouncing, sniffing traffic, using a feature of FTP called FXP, and maybe others.
Choose wisely and harden your ftp server (vsftp, the new proftpd, beast-ftp, others I can't remember).

You take the hypothesis that this box will be hacked and that this host should be considered as a weak part of your network.
So you put it out of your network, like in a DMZ. Using iptables or a hardware firewall, there should be no traffic possible from this box to your internal network.
You will also harden this machine a lot (BSD security level, grsec, remove all unwanted services).
You implement chroot for all services (ftp/telnet only, because remember you have removed the others).
Very good logging mechanism: syslog(-ng), logcheck, ...
Very good backup mechanism
Very good passwords. In fact this is rule number 1.

Integrity check as soon as the box has been installed (doing it after the box has been on the internet is theoretically too late).

Snort is one step further; install it on a separate box! Putting it on the same box may create conflicts that can lower the overall security of your box.
Give it very good network card(s) (I'm wondering if there are no guides to follow in the snort doc). One will be monitoring the ftp/telnet server; either you look at the result physically on the box or you have another network card to access the console. A switch/hub with port monitoring would ensure that the snort box will be hard to discover.
You can also put 2 sniffing cards: one on the internet, one after the firewall that protects the ftp/telnet server. But then you have a lot to read.
Every time you are 100% sure to have wrong alerts, refine your rules; otherwise you are overflowed with logs and won't bother to read them anymore.
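
The DMZ isolation described in post #4, sketched as an added example that is not part of any poster's message: a shell function that emits an `iptables-restore` ruleset for a separate Linux firewall with three interfaces. The interface names, the 192.0.2.10 address and the function name `dmz_ruleset` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a three-legged firewall
# in front of a DMZ host that must offer FTP (21) and telnet (23).
# Interface names and the host address are assumptions, passed as arguments.

dmz_ruleset() {
    [ "$#" -eq 4 ] || { echo "usage: dmz_ruleset WAN_IF DMZ_IF LAN_IF HOST_IP" >&2; return 2; }
    for v in "$1" "$2" "$3"; do      # reject anything that could inject extra rules
        case $v in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $v" >&2; return 1 ;; esac
    done
    case $4 in ''|*[!0-9.]*) echo "bad IPv4 address: $4" >&2; return 1 ;; esac
    wan=$1 dmz=$2 lan=$3 host=$4
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Track the FTP control channel so data connections are classified RELATED
# (requires the nf_conntrack_ftp kernel module).
-A PREROUTING -i $wan -p tcp -d $host --dport 21 -j CT --helper ftp
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The firewall itself accepts no new inbound connections (administer from console).
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# First match wins: nothing from the DMZ reaches the LAN, not even replies.
-A FORWARD -i $dmz -o $lan -m limit --limit 6/min -j LOG --log-prefix "DMZ->LAN drop: "
-A FORWARD -i $dmz -o $lan -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only new FTP and telnet sessions from outside may reach the DMZ host.
-A FORWARD -i $wan -o $dmz -p tcp -d $host -m multiport --dports 21,23 -m conntrack --ctstate NEW -j ACCEPT
# Everything else, including new outbound connections from the DMZ host,
# falls through to the DROP policy.
COMMIT
EOF
}

# Stand-alone use: sh dmz.sh eth0 eth1 eth2 192.0.2.10 | iptables-restore --test
if [ "$#" -eq 4 ]; then dmz_ruleset "$@"; fi
```

LAN egress rules are left out on purpose; with the FORWARD policy at DROP they have to be added before loading this on a router that also serves the internal network.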
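
The integrity check from post #4 (take the baseline right after install, before the box is on the network), as an added example that is not part of any poster's message: two shell functions that record SHA-256 hashes and later report changed, missing and new files. The function names and the paths in the usage line are assumptions; dedicated tools do the same job with more coverage.

```shell
#!/bin/sh
# Added example: file-integrity baseline with sha256sum.
# Take the baseline right after install and keep it off the box
# (read-only media or another host), or an intruder can rewrite it.

# make_baseline DIR... : print "hash  path" for every regular file under DIR
make_baseline() {
    find "$@" -xdev -type f -exec sha256sum {} + | sort -k 2
}

# verify_baseline BASELINE DIR... : print CHANGED/MISSING/NEW lines,
# return 0 if the tree matches the baseline, 1 if it differs
verify_baseline() {
    base=$1; shift
    now=$(mktemp) || return 2
    make_baseline "$@" > "$now"
    rc=0
    awk '
        # sha256sum lines: 64 hex digits, two separator characters, then the path
        { h = substr($0, 1, 64); p = substr($0, 67) }
        FILENAME == ARGV[1] { old[p] = h; next }      # first file: the baseline
        !(p in old)         { print "NEW      " p; bad = 1; next }
        old[p] != h         { print "CHANGED  " p; bad = 1 }
                            { delete old[p] }         # seen, so not missing
        END { for (p in old) { print "MISSING  " p; bad = 1 }; exit bad }
    ' "$base" "$now" || rc=$?
    rm -f "$now"
    return "$rc"
}

# Stand-alone use (paths are examples):
#   sh integrity.sh baseline /bin /sbin /usr/sbin /etc > /mnt/usb/baseline.txt
#   sh integrity.sh verify /mnt/usb/baseline.txt /bin /sbin /usr/sbin /etc
case ${1:-} in
    baseline) shift; make_baseline "$@" ;;
    verify)   shift; verify_baseline "$@" ;;
esac
```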
 
Old 05-03-2006, 08:57 AM   #5
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
Arg double post
sorry
 
Old 05-04-2006, 07:31 PM   #6
keysorsoze
Member
 
Registered: Apr 2004
Location: Queens, NY
Distribution: Red Hat, Solaris
Posts: 295

Original Poster
Rep: Reputation: 30
Thanks

Thanks for the tips. I'll give your suggestions a go.
 
  


All times are GMT -5. The time now is 06:40 AM.
