I'm curious as to how isp's that allow telnet access secure their boxes. I mean, it's almost impossible to keep up with security updates in real time. What if you applied a patch one day late and your box was compromized within that time?

Is Redhat a good OS for hosting sites?

If your that worried about security redhat is about the worst distro to have, its full of vulnerabilities, if you do go with redhat make sure you get the newest one 7.1 its about the most secure version out there.

For the ultimate in security and stab. I suggest freebsd 4.2

I think that also Slackware would be considered pretty secure as a Linux distribution.

Nordic

Letting a person access their account via telnet is only half the picture.

Once the person gains access, what services/commands do you allow them.(?)

Limited services and commands can "blind" an intruder to the point of not being able to compromise a system.

Redhat is fine, and if you sign up for their 'Network' services, they will e-mail you any new updates or patches needed for your particular system.

Remember, no security is perfect. And if you really think about it, there will never be a totally secure system. But knowing what you need, and how you want to serve "it" up will allow you to recognize the security risks at hand.

Blah, blah, blah.

Lilac Echo
http://www.wbglinks.net

Oh, one last thing.

As for secure commercial systems, I would not recommend fBSD.

Try OpenBSD, as they say, "Four years without a remote hole in the default install!"
http://www.openbsd.com/

Which is pretty impressive.


Lilac Echo
http://www.wbglinks.net

Originally posted by cbaker17
If your that worried about security redhat is about the worst distro to have, its full of vulnerabilities, if you do go with redhat make sure you get the newest one 7.1 its about the most secure version out there.

For the ultimate in security and stab. I suggest freebsd 4.2

Aloha
very curiou sabout the fact of using latest release
my buddy who is pres of a isp and been into puters all his life he is in his 30's adn very well known wiht a lot of unix hacks etc...
always said do not go wiht the latest release because the security flaws can be to many better to go back a bit and make sure you have youself coverd after a OS is out for a bit it hasa time to get most of the flaws found and patched et...
where as brand new ones have to amny holes ??

thoughts ??

Originally posted by wbglinks.net
Oh, one last thing.

As for secure commercial systems, I would not recommend fBSD.

Try OpenBSD, as they say, "Four years without a remote hole in the default install!"
http://www.openbsd.com/

Which is pretty impressive.


Lilac Echo
http://www.wbglinks.net


YA!! But openbsd doesn't install very many daemons by default, thats why they have a very extensive package collection. BSDi is a very secure *BSD distribution, I recommend it. If you guys are looking for an easy way out of securing your servers, there isn't one.

Originally posted by cbaker17
For the ultimate in security and stab. I suggest freebsd 4.2

&ltnitpick&gt I'd go with FreeBSD 4.3 instead ;)&lt/nitpick&gt

Originally posted by lith



YA!! But openbsd doesn't install very many daemons by default, thats why they have a very extensive package collection. BSDi is a very secure *BSD distribution, I recommend it. If you guys are looking for an easy way out of securing your servers, there isn't one.

Many?
OpenBSD will install as many daemons as the current RH7.1 default install (Medium/security-firewall setting).

BSDi is a great flavor, and would be a good recommendation for any unix wannabe.

Overall, NO OS is secure. But by not allowing certain services to be installed on the default setting (C:\WINNT\System32\msw3prt.dll Poor poor NT5), and forcing a user to install/start such daemons will make a user more aware of what she/he is doing and what services she/he will REALLY need.

Anyway. EOF

Lilac Echo
http://www.wbglinks.net

Final answer: Use an OS with *BSD* in it, not *hat*. :D

First of all 4.3 is about ready to come out or is already out so 4.2 isnt the newest release which is why i recommended it, second of all freebsd is just as secure if not more secure than openbsd, ill put it to you this way, we have about 20 dedicated servers running freebsd, not a single one has been hacked in their entire lifetime, on the other hand redhat boxes get hacked every week.

As far as the redhat network, it costs money, i think they give you a 30 day trial but why pay for a service that should be free, also the daemon whcih retrives the updates, etc has security holes in it as well, so its not a overly good idea to use that service.

Just stick with a *BSD os W/the latest hand applied patches and yoll be in great shape.

cbaker17: We've had almost the same exact experience. Our numerous FreeBSD boxes never get hacked, but we've had tons of problems with the couple of RedHat boxes we have.

Sidenote: FreeBSD 4.3 was released in April, and we've had no problems with it. -RELEASE versions of FreeBSD should be stable & bugfree (unlike -STABLE, which is stable but still in development, or -CURRENT, which is the newest version of the O/S that comes with no guarantees at all).

Aloha,
well question for you guys on bsd they say it is harder to learn than other flavors do you find this true or not ??

what do you think of this deal for a guy who wants to host his own clients and learn more about it

http://freebsd.efreeservers.com/
with the plesk option
was curious what kind of or who makes this box (I cna ask efreeservers )

and what would be the drawback to free bsd over redhat
(sounds like it is more secure but what do you loose)
mahalos

Looks like a good setup, but weve recently found out that efreeservers resells for another company, so you may want to look for someone here who doesnt resell.

freebsd is a little harder, mainly because the tools it includes arent as user friendly as linux, wait tell you try to edit something with VI :)

anyways it only took me a couple of days to get the hang of it, if your wanting something unix based all of them will take some learning but i think freebsd is the easiest and closest to linux youll find.

Aloha
they resell for someone ???
who if ya can not post public please email me
very curious about this as I was considering them

OH please do tell
hehehheeh

hmmmmm sounds like they were there own so have to look into this
I would think if you ask them they would have to tell you who
or is it there paretn co and they are doing a hiding kind of thing ??
good info mahalos

Lanset.com, by the way this is just what i heard, but if you do a reverse dns lookup youll see that all thier IP's are owned by this lanset.com

yeah
I know that lans.net was there location
I was told it was a NOC like nac.net
or something ??
will have to try to find out more

there tracert are fast for me fastest of anybody
but speed is no good without redundancy and some bu support or ??

Originally posted by cbaker17
First of all 4.3 is about ready to come out or is already out so 4.2 isnt the newest release which is why i recommended it

I hope you've disabled FTP on all your servers then. FreeBSD releases prior to 4.3-RC3 suffered from a globing bug in ftpd.

While you could build a secure system by taking FreeBSD 4.2-RELEASE and adding the necessary security patches, I don't really see why you'd want to; a branch (FreeBSD 4.3-STABLE) already exists which is designated as "4.3-RELEASE plus security and otherwise critical bugfixes".

Originally posted by cbaker17
If your that worried about security redhat is about the worst distro to have, its full of vulnerabilities, if you do go with redhat make sure you get the newest one 7.1 its about the most secure version out there.

For the ultimate in security and stab. I suggest freebsd 4.2

wrong

7.1 is not necessarily the most secure. Who told you that? As a matter of fact, I would think 7.1 would have more possibilities for exploits then older versions that have been out there for a while. 6.1, 6.2 and 7.0 have had numerous updates to get them up to par. 7.1 is still pretty new. This is windows mentality, "Newer is better".

But I do agree about freebsd.

Efreeservers reselling for lanset? Kind of hard to believe especially since efs is moving all its servers away from lanset to a different place located in san francisco. Their new line provider is Level3 at this location.........