[vox] Basic security issues
Richard Crawford
rscrawford at mossroot.com
Wed May 11 12:58:57 PDT 2005

Long story short: last week I ran nmap from my Linux box at work to check for
open ports on my home network. One of the ports nmap scanned was 31337.
Because that's the port that Back Orifice uses, our department's IT -- a
Microsoft zealot -- decided that someone was trying to hack into our network
to use Back Orifice on one of our systems. After demonstrating that because
the 31337 scan was directed at my own machine and because it coincided
precisely with the time that I was running nmap and that my home machine is
not vulnerable to Back Orifice anyway, the IT guy has still decided that
because of this I should not be allowed to use a Linux workstation at my desk
(despite the fact that I maintain two Solaris servers and two Linux servers
as part of my job). For sanity's sake, I did run a full chkrootkit and
system log scan on my machine just to make sure it hadn't been compromised.

So just because I'm cantankerous, I want to demonstrate that using a laptop
running Linux is better for our network than a desktop running Windows. I've
already disabled all non-essential services, including sshd. What other
steps could I take? I'm thinking about using IPTABLES to block all outbound
traffic on ports other than 21, 22, 80, and 110. And I wonder if it's
possible to allow traffic on those ports to specific destinations only; for
example, to allow port 22 to connect only to my home machine and to the
servers I maintain here at work, or to allow 21 to connect only to our
hosting provider (who allows only FTP access to our files). None of this is
necessary, of course, but, as I said, I'm cantankerous and I have a point to
prove, dammit.

What are your thoughts? Suppose this were a Linux laptop that you'd give to a
company employee? What services and ports would you allow on it?
--
Richard S. Crawford
http://www.mossroot.com
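
The per-destination egress policy asked about above can be expressed as a default-deny OUTPUT chain. This is an added example, not part of the original post: it generates an iptables-restore ruleset from a small policy list. The addresses (RFC 5737 documentation ranges), the DNS resolver and the function name `gen_egress_rules` are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for default-deny egress.
# Every address below is a constructed placeholder, not a value from the post.
POLICY='22 192.0.2.10
22 198.51.100.0/24
21 203.0.113.5
80 any
110 any'
RESOLVER='192.0.2.53'   # assumed DNS resolver; without it name lookups fail

gen_egress_rules() {    # $1 = "port destination" lines; prints the ruleset
    rules=''
    while read -r port dest; do
        [ -n "$port" ] || continue
        # Accept only a TCP port number plus IPv4[/prefix] or "any";
        # bail out before printing anything if an entry is malformed.
        case $port in ''|*[!0-9]*) return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
        case $dest in
            any) match='' ;;
            ''|*[!0-9./]*) return 1 ;;
            *) match=" -d $dest" ;;
        esac
        rules="${rules}-A OUTPUT -p tcp$match --dport $port -m conntrack --ctstate NEW -j ACCEPT
"
    done <<EOF
$1
EOF
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp -d $RESOLVER --dport 53 -j ACCEPT
${rules}-A OUTPUT -j LOG --log-prefix "egress-deny: "
COMMIT
EOF
}

# Review the output, then load it as root:
#   gen_egress_rules "$POLICY" | iptables-restore
gen_egress_rules "$POLICY"
```

DNS is the one allowance here beyond the four ports named in the post. FTP data connections are only accepted if the kernel's FTP connection-tracking helper classifies them as RELATED.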