[CentOS] firewall?

Sun Jul 17 02:33:37 UTC 2011
Always Learning <centos at u6.u22.net>

On Sat, 2011-07-16 at 19:03 -0500, John R. Dennison wrote:

> The reality of the situation is that attacks are in almost all cases
> non-targeted and are the results of automated scanning; playing security
> through obscurity tricks with IP addresses is as futile as attempting to
> herd kittens.

In reality the hackers never, in my experience, scan the entire port
range of every IP address. They tend to choose the most likely ports as
my daily Logwatch reports continue to show (iptables log attempts before
dropping them).

> You should not be running ftp at all; ftp should be allowed to die off
> as it's insecure just as is any protocol that transits credentials on
> the wire in plaintext.  ftps is better; sftp/scp/rsync is better still.

Thanks for the tip. Access is restricted to 3 IPs. I'll investigate
SFTP, SCP and Rsync. 

> phpmyadmin is a recipe for tears of blood; moving ports is better than
> leaving it on 80/tcp, but better would be to not run it at all on a
> routable IP.

It can be accessed only from 3 static IPs using https on a non-standard
port and it is never in the same file hierarchy as web pages. Web pages
are in their own 'root' structure and not in /var. Nothing private or
sensitive can be accessed by http.

> In the cases of a targeted attack the attacker(s) will find your
> services no matter what ports you have them hanging off of.

True. So far no one has bothered to target me, except for the annoying
email spammers who never get past the defences.

> And TCP port numbers range from 0 to 65535.

256^2

-- 
With best regards,

Paul.
England,
EU.
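
An added example, not part of the original message or of Logwatch: a small tally of dropped-packet entries from iptables LOG rules, showing which destination ports get probed and how little of the 0 to 65535 range (256^2 = 65536 ports) is actually covered. The log prefix "FW-DROP: ", the function names and the shortened sample lines are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Key=value fields of a netfilter LOG line that this summary needs.
FIELD_RE = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def summarise(lines, prefix="FW-DROP: "):
    """Return (hits per (proto, port), distinct ports probed per source)."""
    port_hits = Counter()
    ports_by_src = defaultdict(set)
    for line in lines:
        if prefix not in line:
            continue                 # not written by our LOG rule (assumed prefix)
        fields = dict(FIELD_RE.findall(line.split(prefix, 1)[1]))
        if "DPT" not in fields:      # ICMP entries carry TYPE/CODE, no port
            continue
        key = (fields["PROTO"], int(fields["DPT"]))
        port_hits[key] += 1
        ports_by_src[fields["SRC"]].add(key)
    return port_hits, {src: len(p) for src, p in ports_by_src.items()}

def coverage(port_hits):
    """Fraction of the 65536 TCP port numbers (0-65535) that were probed."""
    tcp_ports = {port for proto, port in port_hits if proto == "TCP"}
    return len(tcp_ports) / 65536

# Constructed sample events: (source, protocol, destination port or None).
# Addresses come from the RFC 5737 documentation ranges, not real traffic.
SAMPLE_EVENTS = [("203.0.113.7", "TCP", 22), ("203.0.113.7", "TCP", 22),
                 ("203.0.113.7", "TCP", 3306), ("198.51.100.9", "TCP", 22),
                 ("198.51.100.9", "TCP", 21), ("198.51.100.9", "UDP", 5060),
                 ("198.51.100.9", "ICMP", None)]

def make_line(src, proto, dpt):
    """Build a shortened, constructed line in the kernel LOG key=value style."""
    tail = f"SPT=40112 DPT={dpt}" if dpt is not None else "TYPE=8 CODE=0"
    return (f"Jul 16 03:12:01 host kernel: FW-DROP: IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 LEN=60 TTL=49 PROTO={proto} {tail}")

SAMPLE = [make_line(*event) for event in SAMPLE_EVENTS]

if __name__ == "__main__":
    hits, per_src = summarise(SAMPLE)
    for (proto, port), count in hits.most_common():
        print(f"{proto}/{port}: {count}")
    print(per_src)
    print(f"TCP port coverage: {coverage(hits):.4%}")
```

A source whose distinct-port count stays in single digits is probing a short list of likely services; a count in the thousands would indicate a full-range sweep.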