Well, it's not a statistical survey (there are probably plenty who don't use it, don't know what it is, and didn't respond); but, of those who responded, it was unanimous -- Use it.

Steven.Haywood -- telstra
shashank -- Oklahoma State
paul greidanus -- Univ Alberta CA
William D. Hathaway -- perfectorder
Steve Michaels -- Johns Hopkins University
William Yodlowski -- Rutgers
Rich Bishop -- Drexel
Rob McCauley -- Duke
Mike's List
Jon Lockley -- comlab ox ac uk
dale poulter -- vanderbilt
Scott.Kelley -- Disney
Tim Chipman -- Ecopia Bio
John W. Ballard -- U of Washington
Neil Quiogue
Jason Grove -- Systems West Virginia Univ
peter bauer -- itserv de

Most of the answers were simple endorsements saying that they use it and it works. Several mentioned stringent policies of blocking everything coming in by default and then opening only what is specifically needed.

Obviously, as always, there is no panacea. Services on ports that are opened must be up to date and secured in their own right. All other security measures should be continued.

The ipfilter FAQ is a must read: <http://www.phildev.net/ipf/>

Some people mentioned using the prebuilt ipfilter from the web site marauding pirates. Building it yourself is a little tricky. The Solaris section of the FAQ goes over the issues.

Thanks to everyone.

---------------

Chris Hoogendyk

-
   O__  ---- Network Specialist & Unix Systems Administrator
  c/ /'_ --- Library Information Systems & Technology Services
 (*) \(*) -- W.E.B. Du Bois Library
~~~~~~~~~~ - University of Massachusetts, Amherst

<choogend@library.umass.edu>

---------------

-------- Original Message --------
Subject: ipfilter on production servers
Date: Thu, 13 May 2004 10:38:52 -0400
From: Chris Hoogendyk <choogend@library.umass.edu>
To: Sun Managers <sunmanagers@sunmanagers.org>

The world is getting nastier, and it seems that even with removing almost everything from inetd.conf, using tcp_wrappers, using ssh and turning off ordinary telnet and ftp, keeping up patches, etc., servers are still getting hacked.

So, I'm wondering how many sysadmins go to http://coombs.anu.edu.au/~avalon/, set up ipfilter, and get really strict, putting up rules to block virtually everything, whether it is coming or going. this on top of removing unused services that might be listening on ports.

most of my servers are:

SUNW,Ultra-250
Solaris 8 1/01 s28s_u3wos_08 SPARC

they vary significantly, with some webservers, an oracle server, a SunRay server, an ezproxy server, etc.

I'm in an academic environment, so traditionally we have not had network based perimeter firewalls.

---------------

Chris Hoogendyk

-
   O__  ---- Network Specialist & Unix Systems Administrator
  c/ /'_ --- Library Information Systems & Technology Services
 (*) \(*) -- W.E.B. Du Bois Library
~~~~~~~~~~ - University of Massachusetts, Amherst

<choogend@library.umass.edu>

---------------
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Fri May 14 09:49:48 2004
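
The policy several respondents described (block everything by default, then open only what is specifically needed, in both directions) could look like the following ipf.conf. This is an added example, not a ruleset posted by anyone in the thread; the interface name hme0, the choice of ssh and http as the offered services, and outbound DNS as the only host-originated traffic are assumptions.

```conf
# Constructed example ipf.conf for a single-homed Solaris web server.
# Assumptions (not from the thread): interface hme0; inbound ssh (22) and
# http (80) are the only services offered; outbound DNS is the only
# traffic the host itself needs to originate.

# Inbound: accept new TCP connections only to the listed services.
# "flags S" matches the initial SYN; "keep state" creates a state entry
# so the rest of the session, including replies going out, is admitted.
pass in quick on hme0 proto tcp from any to any port = 22 flags S keep state
pass in quick on hme0 proto tcp from any to any port = 80 flags S keep state

# Outbound: DNS lookups only; answers return through the state table.
pass out quick on hme0 proto udp from any to any port = 53 keep state
pass out quick on hme0 proto tcp from any to any port = 53 flags S keep state

# Default deny in both directions. "log" sends a record of each dropped
# packet to ipmon so the policy can be reviewed and tuned.
block in  log quick on hme0 all
block out log quick on hme0 all
```

Running `ipf -n -f` on the file parses the rules without loading them into the kernel, which is a useful check before changing the filter on a server you can only reach over ssh.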
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:31 EST