Re: A question of Security

Steve Shah (sshah@alteon.com)
Fri, 17 Dec 1999 09:17:13 -0800


On Fri, Dec 17, 1999 at 03:07:17PM -0200, Jose Luis Saraiva Hime wrote:
> At 15:27 17/12/99 +0100, Glynn Clements wrote:
> >
> >Jose Luis Saraiva Hime wrote:
> >> Which services can I turn off?
> >
> >Anything that you don't want.
>
> May I turn off the following services, without any side effect for my system?
>
> auth (port 113)

You can turn this off without a problem.

> login (port 513)

As long as you do not need to telnet into the box. (If you do
need to telnet into the box, install ssh first, verify ssh works,
then turn off this service.)

> shell (port 514)

This is for rsh'ing into the host. If the machine is accessible
to the Internet as a whole, it's a good idea to turn this
off. Again, verify that you do not have a particular piece of
software that needs to rsh in. (RedHat for sure doesn't have
anything that by default needs rsh.)

> imap2 (port 143) -> Do I need this for pop3 services?

You can remove this if all you want is pop3.

Tip for POP: POP sends passwords over the network in
cleartext just like telnet. =( If your clients can use the APOP
protocol (Eudora clients can) then check out the QPopper daemon
as a replacement. (www.eudora.com/freeware/qpop.html) Read the
docs that come with it to see how to configure APOP.

Of course, if all your POP traffic is on your local area network
and you know your LAN is secure, you can leave that open. Use
ipchains to configure the host so that IP addresses outside of
your LAN cannot connect to your POP server.

-Steve

-- 
______________________________________________________________________________
Steve Shah (sshah@alteon.com) | Alteon Web Systems Inc. (Developer/Sysadmin)
    http://www.alteon.com     |   Voice: 408.360.5500  Fax: 408.360.5500
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
             Beating code into submission, one OS at a time...
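
The services named in this thread are classically started from inetd. As an added example that is not part of the original message, this script lists which of them are still enabled in an inetd.conf-style file and writes a copy with them commented out. The file layout, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Assumes the services are
# started by inetd from an inetd.conf-style file; function names are
# hypothetical.

# Services the thread says can go, as named in the first inetd.conf field.
# Port 143 may appear as "imap" or "imap2" depending on the system.
SERVICES="auth login shell imap imap2"

# list_enabled FILE: print each listed service that has an active line.
list_enabled() {
    for svc in $SERVICES; do
        if grep -Eq "^${svc}[[:space:]]" "$1"; then
            echo "$svc"
        fi
    done
}

# disable_services FILE: write FILE to stdout with the active lines for
# those services commented out. All other lines pass through unchanged.
disable_services() {
    pattern=$(echo "$SERVICES" | tr ' ' '|')
    sed -E "s/^(${pattern})([[:space:]])/#\1\2/" "$1"
}

# make_sample FILE: write a constructed sample configuration to FILE.
make_sample() {
    cat > "$1" <<'EOF'
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
shell   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rlogind
#exec   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rexecd
pop-3   stream  tcp  nowait  root    /usr/sbin/tcpd  ipop3d
imap    stream  tcp  nowait  root    /usr/sbin/tcpd  imapd
auth    stream  tcp  nowait  nobody  /usr/sbin/in.identd  in.identd
EOF
}

# Demo on the constructed sample only; nothing under /etc is touched.
tmp=$(mktemp) && make_sample "$tmp"
echo "enabled before:" $(list_enabled "$tmp")
disable_services "$tmp" > "$tmp.new"
echo "enabled after:" $(list_enabled "$tmp.new")
rm -f "$tmp" "$tmp.new"
```

Run it against a copy of the real file and review the output before installing it; inetd only picks up the change once it re-reads its configuration.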