Originally posted here by Synful
Within the context of 0days...

Remove the path to root. Bind services to ports >1024 and use NAT redirection to match them to their "official" ports. This will allow you to run the service as a much less privileged user.

Security is not just about keeping bad stuff out, you also need to take steps to mitigate the scope of any compromise.
Also another nifty thing to do would be to change the banners for all the services you run to something that you don't run.
(i.e., running thttpd but changing the banner to make it seem as if you're running Apache, or running the latest sshd, but changing the banner to make it seem as if you're running some outdated, possibly vulnerable, sshd). This will probably weed out 99% of all attacks. And you can configure your firewall to pick up any requests specifically for these faux-services.
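
The port redirection described in the quoted advice, sketched as an added example that is not part of the original thread: a POSIX shell function that prints, without applying, the Linux `iptables` NAT rules for a set of mappings. It assumes a Linux host with iptables; the function names and the port mappings are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (never apply) iptables NAT rules mapping "official"
# ports to the unprivileged ports the daemons actually bind to.

# Succeeds only for a decimal port number in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_redirect_rules PROTO:OFFICIAL:HIGH ...
# Emits a PREROUTING rule (remote clients) and an OUTPUT rule (clients on
# the host itself) per mapping. Prints nothing and returns 1 if any mapping
# is malformed or its backend port is not above 1024.
gen_redirect_rules() {
    rules=""
    nl='
'
    for map in "$@"; do
        case "$map" in
            *:*:*:*) echo "malformed mapping: $map" >&2; return 1 ;;
            *:*:*) ;;
            *) echo "malformed mapping: $map" >&2; return 1 ;;
        esac
        proto=${map%%:*}; rest=${map#*:}
        official=${rest%%:*}; high=${rest#*:}
        case "$proto" in
            tcp|udp) ;;
            *) echo "unsupported protocol: $map" >&2; return 1 ;;
        esac
        if ! is_port "$official" || ! is_port "$high"; then
            echo "bad port: $map" >&2; return 1
        fi
        # A backend port of 1024 or below would still need root to bind,
        # defeating the purpose of the redirect.
        if [ "$high" -le 1024 ]; then
            echo "backend port must be >1024: $map" >&2; return 1
        fi
        match="-p $proto --dport $official -j REDIRECT --to-ports $high"
        rules="${rules}iptables -t nat -A PREROUTING $match${nl}"
        rules="${rules}iptables -t nat -A OUTPUT -o lo $match${nl}"
    done
    printf '%s' "$rules"
}

# Constructed mappings: web daemon on 8080, sshd on 2222.
gen_redirect_rules tcp:80:8080 tcp:22:2222
```

Because any local user can bind a port above 1024, another account on the host can claim the backend port whenever the daemon is not running, so keep the service supervised and restrict who has local accounts.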