U of T campus network security

Chris Friedt Chfriedt-0jnyayh6ARPqzrOJbVgLALDks+cytr/Z at public.gmane.org
Tue Aug 16 21:19:10 UTC 2005


Hi Igor,

Universities are extremely prone to being bludgeoned to death by remote
attackers; residences are particularly susceptible. I've been working in
network security at Ryerson for several years and have seen this first
hand. You've already made a good choice in operating systems, which puts
you ahead of the game ;-)

1) set up a good iptables firewall with logging / check your pam logs
(you'd be surprised at how many ssh access attempts happen per minute)
2) don't run a web / ftp or whatever service - you will get loads of
flak from the network admins
3) if you REALLY need to run a service, run ssh
4) don't allow arbitrary login via ssh - NO ROOT - use public dsa keys
(i.e. any user must have a public key pair set up to login)
5) keep all of your open services off of the common ports to avoid port
scans - I use port 6811 ;-)

you don't need to set up partitions for each major directory, and many
distros will complain if you do (/usr for instance)

ClamAV is a popular open source antivirus solution, but you're really
only going to be doing your friends a favor if you're using samba. A
good chkrootkit solution is suggested, plus using a file alteration
monitor is a good idea. You should always compile your base binaries
statically to avoid possible swapping with foreign shared objects by
some vindictive attacker.

If you would like an effective iptables firewall script, I've written
an iptables tutorial (with a script I've been running solidly for the
last 4 years; it requires very little maintenance).

Good luck ;-)

~/Chris

>>> denisov-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org 8/12/05 11:03:52 pm >>>
Hi,

Soon, I'll be a student at U of T and my linux box will be part of the
U of T network.

I'm worried about both crackers and the script kiddie haxxorz that
might lurk there.

For those of you that have worked/studied/used a computer at U of T,
are either of those two types present? Are computers broken
into/messed around with?

What would you suggest I do to secure my linux box (currently SUSE 9.3
Pro)?
Currently, it has little besides a firewall and a virus scanner
(BitDefender).

I've considered repartitioning and separating /, /var, /tmp, /usr,
and /home and chrooting each service running on my box.

Thanks in advance,

Igor
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org 
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
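Added example, not part of either message in this thread: a small POSIX sh
script that puts points 1, 3, 4 and 5 of the reply into practice. fw_rules
prints a default-deny iptables ruleset that admits only ssh on a non-default
port, throttles repeated new connections per source and logs what it drops,
so the rules can be read over before being applied as root; check_sshd_config
audits an sshd_config for root login, password login, PAM password prompts,
the default port and SSH-1. It assumes a Linux host with iptables and
OpenSSH; 6811 is the port named in the reply, the script name and the
config path in the usage comment are made up, and the audit checks that
password logins are off rather than which key type is in use.

```shell
#!/bin/sh
# Added example, not code from either message in this thread.
# fw_rules prints (or, given a real command prefix, applies) a default-deny
# iptables policy that logs what it drops; check_sshd_config audits an
# sshd_config against the "ssh only, no root, keys only, odd port" advice.
# Assumptions: a Linux host with iptables and OpenSSH, sshd on port 6811
# (the port the reply mentions), and syslog receiving kernel messages,
# which is where the LOG target's "FW-DROP:" lines end up.

SSH_PORT="${SSH_PORT:-6811}"

# fw_rules PORT [CMD]
# Emits the ruleset as commands. CMD defaults to "echo iptables" so the
# rules can be reviewed first; pass "iptables" (as root) to apply them.
fw_rules() {
    port="$1"
    ipt="${2:-echo iptables}"
    # Flush, then default-deny everything inbound and forwarded.
    $ipt -F INPUT
    $ipt -F FORWARD
    $ipt -P INPUT DROP
    $ipt -P FORWARD DROP
    $ipt -P OUTPUT ACCEPT
    # Loopback, and replies to connections this host opened itself.
    $ipt -A INPUT -i lo -j ACCEPT
    $ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The only exposed service: ssh on the non-default port. A source that
    # opens a 6th new connection within 60 s is dropped (brute-force brake).
    $ipt -A INPUT -p tcp --dport "$port" -m state --state NEW \
        -m recent --name ssh --set
    $ipt -A INPUT -p tcp --dport "$port" -m state --state NEW \
        -m recent --name ssh --update --seconds 60 --hitcount 6 -j DROP
    $ipt -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    # Log whatever is left before the DROP policy eats it; the limit match
    # keeps a port scan from filling the disk with log lines.
    $ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
}

# sshd_val FILE KEYWORD
# Effective value of a directive: keywords are case-insensitive and, as in
# sshd, the first occurrence wins. Commented-out lines do not match.
sshd_val() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# check_sshd_config FILE
# Prints one line per setting that contradicts the advice, nothing when the
# file is clean. Match blocks are not handled.
check_sshd_config() {
    cfg="$1"
    root=$(sshd_val "$cfg" PermitRootLogin)
    pass=$(sshd_val "$cfg" PasswordAuthentication)
    pubk=$(sshd_val "$cfg" PubkeyAuthentication)
    chal=$(sshd_val "$cfg" ChallengeResponseAuthentication)
    port=$(sshd_val "$cfg" Port)
    proto=$(sshd_val "$cfg" Protocol)

    [ "$root" = "no" ] || echo "PermitRootLogin is '${root:-unset}', want no"
    [ "$pass" = "no" ] || echo "PasswordAuthentication is '${pass:-unset}', want no"
    [ "$pubk" != "no" ] || echo "PubkeyAuthentication is no: key login is impossible"
    # PAM keyboard-interactive can still prompt for a password even with
    # PasswordAuthentication off, so it has to be switched off as well.
    [ "$chal" = "no" ] || echo "ChallengeResponseAuthentication is '${chal:-unset}', want no"
    { [ -n "$port" ] && [ "$port" != "22" ]; } || echo "Port is '${port:-22}', still the default"
    case "$proto" in
        *1*) echo "Protocol '$proto' still allows SSH-1, want 2" ;;
    esac
    return 0
}

# Usage (script name is hypothetical):
#   sh harden.sh                       print the ruleset for review
#   sh harden.sh apply                 apply it (as root)
#   sh harden.sh check /etc/ssh/sshd_config   audit the sshd config
case "${1:-show}" in
    show)  fw_rules "$SSH_PORT" ;;
    apply) fw_rules "$SSH_PORT" iptables ;;
    check) check_sshd_config "$2" ;;
esac
```

The LOG rule writes kernel messages, so the "FW-DROP:" lines land in syslog
next to the sshd/pam entries the reply suggests watching, and the recent
match cuts a source off at its sixth new connection in a minute, which is
what "attempts per minute" turns into in practice. The audit reads only
top-level directives: a Match block that re-enables PasswordAuthentication
for some user or address would not be caught.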