On 7/19/11, John Hodrien J.H.Hodrien@leeds.ac.uk wrote:
On Sun, 17 Jul 2011, Always Learning wrote:
If using SSH, FTP, phpmyadmin etc. etc. then DO NOT use the standard ports. Allocate a different IP address (if you have several) and use a non-web IP address for SSH and a different non-web IP address for phpmyadmin etc. WITH non-standard ports (you can go as high as about 64000). Also consider ONLY allowing access from predefined static IP addresses (under your control). Do not make it easy for the hackers. Give them a difficult time.
Running on non-default ports (especially high numbered ports) always strikes me as the wrong way of doing things. You've come out of the admin shelter of low ports meaning you're now vulnerable to local attacks - if I can make ftp (one of your examples) crash, I can potentially steal its port and run my own ftp server, stealing everyone's password if I have a local account. At the same time, you're still vulnerable to plenty of scanning attacks.
If you want accessible services to be accessible, I say make them accessible, and secure that service as much as you reasonably can.
If you want to restrict access to make it more secure, put them behind a VPN or other protection. That way you *really* get the security benefit that you wanted in the first place.
jh
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Dear All,

With respect to the references you gave me, I figured out to add the following line to my /etc/sysconfig/iptables:

    -A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT

Then I issued:

    # service iptables restart

And now the Windows machine can browse valid URLs. Thank you for your help.

I want to put more stuff on my CentOS 5.6 machine. To this end, I installed ultraedit, octave, gschem, shorewall on my CentOS 5.6 machine. But I don't see a one-to-one relationship between these applications and the ones I have on my Windows machine. For example, octave does not have the same power as MATLAB on the Windows machine, or Pspice on Windows is more powerful than the one I have on my CentOS. Can you please let me know where powerful CentOS stuff for various purposes can be selected and installed from the internet?
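Added example, not part of the thread or of any poster's configuration: a small Python audit of rules in the /etc/sysconfig/iptables format used above, listing ACCEPT rules that open an unprivileged port (above 1023, where binding does not need root by default) or that accept traffic from any source, the two properties debated earlier in the thread. Every rule in the sample except the DNS rule quoted above is constructed, and the 192.0.2.10 source address and ports 62222 and 8021 are assumptions for illustration.

```python
import shlex

PRIVILEGED_MAX = 1023  # by default Linux lets only root bind ports below 1024

# Constructed sample; only the first rule appears in the thread.
SAMPLE_RULES = """\
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -s 192.0.2.10 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 62222 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8021 -s 192.0.2.10 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def parse_rule(line):
    """Return proto/port/source for a single-port ACCEPT rule, else None."""
    tokens = shlex.split(line)
    opts = {}
    for i, tok in enumerate(tokens[:-1]):
        if tok in ("-p", "-s", "--dport", "-j"):
            opts[tok] = tokens[i + 1]
    if opts.get("-j") != "ACCEPT" or "--dport" not in opts:
        return None
    if not opts["--dport"].isdigit():  # port ranges (6000:6010) are skipped
        return None
    return {"proto": opts.get("-p", "all"),
            "port": int(opts["--dport"]),
            "source": opts.get("-s")}

def audit(rules_text):
    """List (proto, port, notes) for ACCEPT rules worth a second look."""
    findings = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line.startswith("-A "):
            continue  # skip table headers, chain policies, COMMIT
        rule = parse_rule(line)
        if rule is None:
            continue
        notes = []
        if rule["port"] > PRIVILEGED_MAX:
            notes.append("unprivileged-port")  # a local user could bind it
        if rule["source"] is None:
            notes.append("any-source")         # reachable from any address
        if notes:
            findings.append((rule["proto"], rule["port"], notes))
    return findings

if __name__ == "__main__":
    for proto, port, notes in audit(SAMPLE_RULES):
        print(f"{proto}/{port}: {', '.join(notes)}")
```

An "any-source" note on a service that is meant to be public is expected; the list is a prompt for review, not a verdict.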