Complete.Org: Mailing Lists: Archives: discussion: August 2001:
[aclug-L] Re: Denied connections

To: discussion@xxxxxxxxx
Subject: [aclug-L] Re: Denied connections
From: Greg House <ghouse@xxxxxxxxxxxxx>
Date: Sun, 26 Aug 2001 18:01:01 -0500
Reply-to: discussion@xxxxxxxxx

On Sunday 26 August 2001 14:02, you wrote:

> > A related question; What keeps someone from breaking in on one of the
> > ports that is not denied by the firewall?
> > bruce
>
> Essentially each connection opens a 'tunnel' to the outside and if the
> packet is not sent as a response over one of these tunnels, it denies the
> packet. Unless, you specifically allow access to say port 80 (forwarded to
> another machine), then there might be some problems.

The idea is that you keep whatever you run on those ports as secure as 
possible. If you run a web server, make sure your version of Apache (or 
whatever) is as up to date as possible to prevent any known vulnerabilities 
from being exploited in it. If you don't run a web server, shut off port 80 
(http) in your firewall. Likewise with other services.

Some services are inherently less secure, so you might want to substitute a 
higher security replacement. For example, use ssh instead of telnet.

Greg
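
An added example, not part of the original message: a minimal Python model of the connection tracking described in the quoted reply, showing that the only unsolicited traffic admitted is to a port that was deliberately opened, which is why the service behind that port has to be kept patched. The class and function names, addresses and ports are constructed for illustration; a real firewall also tracks protocol, TCP state and timeouts.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class StatefulFilter:
    inside: str                                   # protected host (constructed address)
    open_ports: set = field(default_factory=set)  # ports deliberately exposed, e.g. {80}
    table: set = field(default_factory=set)       # tracked outbound connections

    def outbound(self, pkt):
        """Record an outgoing packet so that its replies can be recognised."""
        self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "ACCEPT"

    def inbound(self, pkt):
        """Decide what to do with a packet arriving from outside."""
        # A reply carries the addresses and ports of a tracked connection, reversed.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table:
            return "ACCEPT (reply to tracked connection)"
        # Unsolicited traffic passes only to a port that was explicitly opened.
        if pkt.dst == self.inside and pkt.dport in self.open_ports:
            return "ACCEPT (port explicitly opened)"
        return "DROP"


def demo():
    fw = StatefulFilter(inside="192.0.2.10", open_ports={80})
    fw.outbound(Packet("192.0.2.10", 40000, "198.51.100.5", 443))
    return [
        fw.inbound(Packet("198.51.100.5", 443, "192.0.2.10", 40000)),  # genuine reply
        fw.inbound(Packet("203.0.113.9", 443, "192.0.2.10", 40000)),   # wrong peer
        fw.inbound(Packet("203.0.113.9", 51000, "192.0.2.10", 23)),    # telnet, not opened
        fw.inbound(Packet("203.0.113.9", 51000, "192.0.2.10", 80)),    # http, opened
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

With `open_ports` left empty, the last packet is dropped as well, which is the "shut off port 80" case.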