[Summary] ipfilter on production servers

From: Chris Hoogendyk <choogend_at_library.umass.edu>
Date: Fri May 14 2004 - 09:50:02 EDT
Well, it's not a statistical survey (there are probably plenty who don't 
use it, don't know what it is, and didn't respond); but, of those who 
responded, it was unanimous -- Use it.

	Steven.Haywood -- telstra
	shashank -- Oklahoma State
	paul greidanus -- Univ Alberta CA
	William D. Hathaway -- perfectorder
	Steve Michaels -- Johns Hopkins University
	William Yodlowski -- Rutgers
	Rich Bishop -- Drexel
	Rob McCauley -- Duke
	Mike's List
	Jon Lockley -- comlab ox ac uk
	dale poulter -- vanderbilt
	Scott.Kelley -- Disney
	Tim Chipman -- Ecopia Bio
	John W. Ballard -- U of Washington
	Neil Quiogue
	Jason Grove -- Systems West Virginia Univ
	peter bauer -- itserv de


Most of the answers were simple endorsements saying that they use it and 
it works. Several mentioned stringent policies of blocking everything 
coming in by default and then opening only what is specifically needed.

Obviously, as always, there is no panacea. Services on ports that are 
opened must be up to date and secured in their own right. All other 
security measures should be continued.

The ipfilter FAQ is a must read: <http://www.phildev.net/ipf/>

Some people mentioned using the prebuilt ipfilter from the web site 
marauding pirates. Building it yourself is a little tricky. The Solaris 
section of the FAQ goes over the issues.

Thanks to everyone.



---------------

Chris Hoogendyk

-
    O__  ---- Network Specialist & Unix Systems Administrator
   c/ /'_ --- Library Information Systems & Technology Services
  (*) \(*) -- W.E.B. Du Bois Library
~~~~~~~~~~ - University of Massachusetts, Amherst

<choogend@library.umass.edu>

---------------





-------- Original Message --------
Subject: ipfilter on production servers
Date: Thu, 13 May 2004 10:38:52 -0400
From: Chris Hoogendyk <choogend@library.umass.edu>
To: Sun Managers <sunmanagers@sunmanagers.org>

The world is getting nastier, and it seems that even with removing
almost everything from inetd.conf, using tcp_wrappers, using ssh and
turning off ordinary telnet and ftp, keeping up patches, etc., servers
are still getting hacked.

So, I'm wondering how many sysadmins go to

	http://coombs.anu.edu.au/~avalon/


set up ipfilter, and get really strict, putting up rules to block
virtually everything, whether it is coming or going. This on top of
removing unused services that might be listening on ports.

Most of my servers are:
	SUNW,Ultra-250
	Solaris 8 1/01 s28s_u3wos_08 SPARC

They vary significantly, with some webservers, an oracle server, a
SunRay server, an ezproxy server, etc.

I'm in an academic environment, so traditionally we have not had network
based perimeter firewalls.



---------------

Chris Hoogendyk

-
    O__  ---- Network Specialist & Unix Systems Administrator
   c/ /'_ --- Library Information Systems & Technology Services
  (*) \(*) -- W.E.B. Du Bois Library
~~~~~~~~~~ - University of Massachusetts, Amherst

<choogend@library.umass.edu>

---------------
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Fri May 14 09:49:48 2004

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:31 EST