Re: 9.1 Install: Holes in Security in Default install

From: Tom Emerson (x_at_y.z.com)
Date: 05/15/04


Date: Sat, 15 May 2004 16:42:23 GMT

John Turnbull wrote:

> grc.com reports that my vanilla SuSE 9.1 Pro has these ports open:
>
> Port 22 (SSH)
> Port 79 (Finger)
> Port 631 (Printing Protocol)
>
> Why are they open? GRC.com says to close them.

ssh is better known as the "secure shell". In the simplest terms, it is a
secure version of telnet (the whole conversation is encrypted -- passwords
or other sensitive data are not sent "in the clear", so the data isn't
susceptible to being "sniffed" along the way). ssh as a whole, however,
includes much more [secured file transfers and port tunneling].

It is reasonably safe to leave ssh open (make sure you use decent passwords
for ALL of your users) if you intend to access your system while "on the
road" [or "at home/work", whichever is opposite to where this computer is
installed]. I happen to leave my system on 24x7, so it has been nice to be
able to "dial in" on occasion and pick up a file I forgot to write to a disk
to bring in to work...

finger is, well, finger. If you've been around unix or unix-like systems
for 20 years, you should know what it is and what concerns there are about
having this "open" to the world. Personally, I'm kind of surprised to see
that it was enabled. Usually, I've seen it implemented as part of the
inetd/xinetd daemons, but disabled in the sample ".conf" file that tends to
be used as the default configuration file.

port 631 is known as either "cups" [Common Unix Printing System] or
"ipp" [Internet Print Protocol]. Point your browser to
http://localhost:631 and you'll get a configuration screen for managing any
local or network-connected printers. You may need this "open" to
"localhost", but not to "everyone" (i.e., it should be "listening" only to
address 127.0.0.[0/1], not 0.0.0.0)

By the way, you can find out what your system is "listening" for with the
command:

   netstat -a --tcp

(and you'll usually want to repeat that, but with the parameter "-an"
instead of "-a" to see network addresses and port numbers rather than
names)
 
> With Mandrake I was given the option at install to close all these ports,
> but not with SuSE. Hmmm.

I think mandrake called that the "paranoid" setting -- it appears early on
in the installation as I recall, so it is/was easy to miss. Most people
who know what they are doing [or at least think they know] generally want
to provide "some" services, so they don't select "paranoid", and
subsequently forget that the setting was offered...

-- 
Top o' the Blog: Google Nirvana gone bye-bye?
http://osnut.homelinux.net/mtblog/ya_index.html
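
Added example, not part of the original post: a shell filter that applies the check described above to `netstat -an --tcp` output, separating listeners bound to loopback from those bound to any other address. The function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Classify TCP listeners from `netstat -an --tcp` output (read on stdin).
# "loopback" sockets accept connections from this host only; "exposed"
# sockets are reachable from the network unless a firewall blocks them.
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        local_addr = $4
        # Split address:port at the LAST colon so IPv6 forms such as :::22 work.
        n = match(local_addr, /:[0-9]+$/)
        if (n == 0) next
        addr = substr(local_addr, 1, n - 1)
        port = substr(local_addr, n + 1)
        if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback"
        else
            scope = "exposed"
        print scope, port, addr
    }' | sort -k1,1 -k2,2n
}

# Constructed sample: ssh and finger bound to all interfaces, CUPS bound to
# loopback only, plus one established connection that must be ignored.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:79              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
tcp        0      0 192.168.1.10:22         192.168.1.20:51234      ESTABLISHED
EOF
}

# Output columns: scope, port, bind address.
sample_netstat | classify_listeners
```

On a live system, replace the sample with `netstat -an --tcp | classify_listeners`; every "exposed" line is a service an external port scan can see.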

