On Mon, 2004-07-26 at 08:44, Scot L. Harris wrote:
> On Sun, 2004-07-25 at 23:21, Norman Nunn wrote:
> > Scot, thanks to you and others on this.
> >
> > I now think my system is actually clean. The activity on this mail list
> > on security issues in general has been a good learning experience and,
> > as a result, I have added logsentry and portsentry to my system for
> > protection and notifications. I took the suggestion and set up the
> > aliases to send root's messages to me.
> > snip
> > Thanks again
> > Norm
>
> iptables is still a good idea. If by some chance a way through the
> linksys is found iptables can act as a second line defense. It also
> gives you a single place to specify what ports are open on the system to
> the network. Particularly important if you have other systems on the
> local LAN which could potentially be used as an attack vector. In other
> words, don't blindly trust everything on your LAN segment.
>
> Of course as has been pointed out if you are cutting any ports through
> your firewall your only protection at that point is good
> passwords/authentication and patching any known exploits through that
> service as quickly as possible. The IDS stuff you are doing should let
> you know if something odd is going on, hopefully before a hole is found.
>
> You may have already implemented it but another IDS type package that
> can be very useful is tripwire. Once it is set up, changes to any files
> being monitored by tripwire will be reported to you.
>
> A little paranoia is good, a lot can be even better! :)
> --
> Scot L. Harris
> webid@xxxxxxxxxx
>
> Never play pool with anyone named "Fats".

I agree with Scot. I would also note that multiple firewalls on multiple
platforms with IDS can make it very hard for a cracker to get into a
system undetected.

--
jludwig <wralphie@xxxxxxxxxxx>