Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Linux
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Securing Fedora Core 4

from [Scott Rippee] Network Security [Permanent Link]
Subject: Re: Securing Fedora Core 4
Date: Sun, 2 Oct 2005 15:49:28 -0700 
I agree with this completely and after a few years of not taking this approach 
have had to many headaches to count.  Within a few weeks I will have my web 
services moved to a dedicated computer with no internal privileges and be able 
to sleep a little better at night. :)


On Sun, Sep 25, 2005 at 01:44:16AM +0100, Glynn Clements wrote:


AragonX wrote:


Well, the offices that I will be setting up are rather small and I can't
convince them to separate the services to multiple machines.

So basically, the servers will have to do everything.  Email, web,
firewall, gateway, file & print.  Those are the tasks it will have to
perform.



Email and web are the services that will be available to the Internet.


The public web server should definitely be a separate box, especially
if it has any kind of CGI or scripting capability (i.e. mod_cgi,
mod_perl, mod_php etc), and it shouldn't be given any trust (i.e. any
firewall rules or access lists which distinguish between "internal"
and "external" systems should treat the web server as external).

Rule #1 of running a web server: assume that it is going to get
compromised occasionally. Obviously, you try to prevent that, but
don't assume that you will be entirely successful.

-- 
Glynn Clements <glynn@gclements.plus.com>


-- 
 Scott Rippee
   scott@hypexr.org
   http://www.hypexr.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  routing_based_on_port/services, kucserak
Next by Date:  Re: routing_based_on_port/services, Martin Benda
Previous by Thread:  routing_based_on_port/services, kucserak
Next by Thread:  Re: Securing Fedora Core 4, Stephen J. Smoogen
Indexes:  [Date] [Thread] [Top] [All Lists]