Newsgroups: comp.unix.bsd.freebsd.misc
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!paladin.american.edu!gatech!newsfeed.internetmci.com!in1.uu.net!news2.new-york.net!bet
From: bet@ritz.mordor.com (Bennett Todd)
Subject: Re: IMPORTANT PPP SECURITY ISSUE
X-Newsreader: slrn (0.8.6.1)
X-Nntp-Posting-User: bet
Message-ID: <slrn4k0gn6.m4h.bet@ritz.mordor.com>
References: <4hkast$4u7@ns.hcsc.com> <4hnfpg$2rh@orca.osg.gov.bc.ca>
X-Trace: 826295014/12049
X-Nntp-Posting-Host: ritz.mordor.com
Date: Fri, 8 Mar 1996 14:23:36 GMT
Lines: 21

When folks set up a PPP link, one of two circumstances applies: either
they're setting up a server, or they aren't:-).

Now if you are actually setting up a server, then yes, you do need to
properly secure it, and that's a protracted and tricky job. But if you
aren't setting up a server, it's easy to be secure; just don't enable
arbitrary services. For example:

- don't make your system an NFS server (don't have an /etc/exports file)
- don't allow any incoming login-type connections; eyeball the contents
  of inetd.conf; you probably don't need anything there, in which case
  disable inetd. If you do need some service out of there then disable
  everything except what you do need
- check what daemons you actually have to run. If you aren't going to
  have a permanent connection, then you probably don't need to be
  running sendmail as a daemon, for example. Don't run NIS (nee YP). If
  you can get away with it, don't run portmapper.

-Bennett
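
The checklist in the post above, as an added example that is not part of the original post: POSIX shell functions that list what inetd.conf still enables, test whether an exports file has real entries, and pick the named daemons out of a process list. The function names, the constructed sample inetd.conf, and the process names ypserv, ypbind, portmap and rpcbind are assumptions of this example.

```shell
#!/bin/sh
# Added example. File paths are arguments so the checks can run on copies.

# List "service/proto program" for every enabled (uncommented) inetd.conf entry.
# Fields: service socket-type protocol wait-flag user program [args]
inetd_enabled() {
    awk 'NF >= 6 && $1 !~ /^#/ { print $1 "/" $3, $6 }' "$1"
}

# Same list, minus the services named in the remaining arguments (the ones you
# decided you need). No output and no allow-list means inetd can be disabled.
inetd_unneeded() {
    conf=$1; shift
    inetd_enabled "$conf" | while read -r svc prog; do
        case " $* " in
            *" ${svc%%/*} "*) ;;              # explicitly needed: stay quiet
            *) echo "$svc ($prog)" ;;
        esac
    done
}

# True if the exports file exists and contains at least one real entry.
exports_active() {
    [ -f "$1" ] && grep -Eqv '^[[:space:]]*(#|$)' "$1"
}

# Read command names on stdin (e.g. from `ps -axo comm`) and print the daemons
# the post names. ypserv/ypbind and portmap/rpcbind are assumed process names.
flagged_daemons() {
    grep -Ex '(.*/)?(sendmail|ypserv|ypbind|portmap|rpcbind)' || true
}

# Constructed sample inetd.conf: two services enabled, two commented out.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# service type proto wait   user   program              args
ftp     stream tcp   nowait root   /usr/libexec/ftpd    ftpd -l
#telnet stream tcp   nowait root   /usr/libexec/telnetd telnetd
daytime stream tcp   nowait root   internal

#finger stream tcp   nowait nobody /usr/libexec/fingerd fingerd -s
EOF

echo "enabled in inetd.conf:";        inetd_enabled "$sample"
echo "enabled but not needed (ftp):"; inetd_unneeded "$sample" ftp
```

On a live system the same functions take /etc/inetd.conf and /etc/exports as arguments, and `ps -axo comm | flagged_daemons` covers the daemon check.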