I'm helping a friend setup a new server. It is going to be used by a small group of people the she knows well.

She has done all the "normal" things. Disabled telnet and setup ssh. Disabled all the unnecessary services (almost nothing is running via inetd).

But her questiosn to me was "how far should I take this".

For exampe:

distable ftp and only allow secure ftp (i.e. scp)
disable pop and only allow apop


This is starting to get close to the "line" in my point of view. Disabling ftp will work in her situation because her group all knows how to use scp, but it is a bit of a pain.

I was really wondering about how many people have actually cracked into a server by snagging a telnet/ftp/pop id/password?

Thanks,

Frank

There's never a stop to security. Bugs and exploits come out every day, and it's the server's admin job to look out for them.

The less services you run, the less there are to exploit.

As to your question, it's not very often that a packet is stolen. Since it can only be stolen by a machine in broadcast area of the networks it travels. Although, if a router is compromised, it could be redirected.

Your machine is not fully secure until you unplug the cat5 cable that's connected to it.

Otherwise, it's never a bad idea to secure things as much as possible while still keeping the server usable. The extent that this can be done to varies depending on the situation you're in.