Hi,
Overall the artical is very good. I enjoyed reading it (one-hour full entertainment). While reading I have tried some good commands which you suggested. And I played with my xinetd file also.
While reading xinetd I didn't get the purpose of some of services. My queries are below.
On Mon, Oct 29, 2001 at 12:26:56AM +0530, Philip S Tellis wrote:
Alternately, OpenBSD, was designed from the ground up as a secure unix, and is probably your best choice for a pure unix implementation. OpenBSD servers and firewalls are extremely secure.
You said earlier that default secure systems are some times very uneasy to use (for end/new users). What about OpenBSD ?
sendmail and bind have well known security holes. Also disable echo, discard, finger, daytime, chargen and gopher if you don't use them.
What are discard and time (not daytime) services ?
ALL: ALL Remember that hosts.allow is checked first, then hosts.deny. The first
After applying proper rules in the ipfilter will this (hosts.{allow|deny}) not make the system (I mean network access) slow without any further effect.
Or simply which one is better - ipfilter or hosts.{allow|deny} scheme ?
regards