[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ccp4bb]: Security, Firewalls etc.

To: cowtan@ysbl.york.ac.uk (Kevin Cowtan)
Subject: Re: [ccp4bb]: Security, Firewalls etc.
From: <klaas@ultr.vub.ac.be>
Date: Fri, 30 Aug 2002 19:01:08 +0200 (CEST)
Cc: pcem1@leicester.ac.uk (Dr Peter C E Moody), ccp4bb@dl.ac.uk
In-Reply-To: <200208301603.48385.cowtan@ysbl.york.ac.uk> from "Kevin Cowtan" at Aug 30, 2002 04:03:48 PM
Sender: owner-ccp4bb@dl.ac.uk

***  For details on how to be removed from this list visit the  ***
***          CCP4 home page http://www.ccp4.ac.uk         ***

> 
> 
> 3. For Unix boxes, check what services are running and turn most of them off. 
> You probably only need one machine with web or ftp servers running, or 
> sendmail for that matter.

And this machine should not be the one with important files.
You should probably not import NFS filesystems into this machine and not use
the same passwords as on the other machines.

> If you are not behind a firewall, you can add one very cheaply - an old PC, 
> running a BSD-based firewall distro is probably best. These will often fit on 
> a single floppy. There are Linux versions as well, but Linux is more 
> widespread and thus vulnerabilities are better known. Since these are 
> designed for a single purpose, they are supposed to be quite easy to set up, 
> but I haven't tried.

BSD versus Linux: Vulnerabilities better known, but also better tested. This
might be a religious thing. 
Also important to remember is that firewalls (if at all) only protect you
from outside attacks.  Inside attackers combined with NFS and/or NIS are deadly
no matter what.
If you go for a firewall, it needs to be monitored and updated.


> > Not really CCP4, but is there a consensus about the appropriate level of
> > security for a PX lab? We had someone use our RAID server to try and
> > launch attacks on various people (such as the US treasury) and to
> > re-distribute mp3 files. The University disconnected us 'till we sort out
> > the problem.

Are these hackers good or just playing around with hacking kits not knowing
what they are doing? (after a while, you can tell). In the latter case, you
can try finding out where they are hacking from and contact their webmaster.
Worked miracles for us once and twice.

Also important is a good backup strategy. Comes in handy no matter who
messes up the system. Remember that RAID is more fault tolerance and not
so much backup...

Klaas

References:
- Re: [ccp4bb]: Security, Firewalls etc.
  - From: Kevin Cowtan <cowtan@ysbl.york.ac.uk>

Prev by Date: Re: [ccp4bb]: Security, Firewalls etc.
Next by Date: Re: [ccp4bb]: measure circumference
Prev by thread: Re: [ccp4bb]: Security, Firewalls etc.
Next by thread: Re: [ccp4bb]: Security, Firewalls etc.
Index(es):
- Date
- Thread