How to set up home system or server in Solaris with a firewall?
tyson 17-October-2008 05:07:53 PM

Comments


Please visit
www.unix-tutorials.com/search.php?act=search&term=How+to+set+up+a+home+web+server
Posted by waqasahmad


Solaris provides the ipf command-line tool for setting up its firewall subsystem.
Posted by suresh123


> Is there any security concern about assigning home directories to each
> user in Unix like operating systems? What would we lose (or gain) by not
> creating these directories?

That all depends on whether or not the permissions are set
correctly. Unix practice says that default umask on file permissions is
such that new files created will be readable by everyone on the system.

$ man umask

and change it in /etc/profile if you don't like this idea.

As for what you lose or gain, that also depends on some things, like
whether or not these accounts exist just so administrators can su to
root, or whether they're actual nonprivileged users that need to get
into the shell or transfer data there. If you don't create home dirs,
and said user with no home directory shells in, they'll be greeted with
a nice little message warning that they have no home directory, and
their home directory will be forced to the root (/). Now you have a
user logged in with nowhere to store any data, other than /tmp, which is
usually world-writable.

I think we need more information on what exactly you are trying to
accomplish here.

> What kind of security risks would we face by using/allowing passive
> FTP?

FTP, in any standard form, is a plain-text protocol, meaning
authentication happens in a viewable form over the wire, i.e.:

USER somebody
PASS mypassword

Thus, if a machine on the same segment is compromised, you run the risk
of having FTP or telnet authentication sniffed out.

Better alternatives for shell services and file transfer include SSH and
SFTP, which do all their authentication in an encrypted form, making
sniffing auth strings much more difficult (provided you are using
version 2 of the SSH protocol).

If you are providing FTP services to end-users outside of your
enterprise, getting them to use SFTP may prove difficult, so you may be
forced to allow plain-text FTP, but for shell access, I would (and do)
insist on SSH2 only.


> 4-) Is it practically possible to have a test environment (test server)
> for firewall rulebase or configuration changes?

Certainly; it's both possible and recommended. Making drastic firewall
rulebase changes without testing them first can be catastrophic,
especially if the rules get out of order somehow and you end up with a
DROP policy somewhere in the middle of one of the chains. Best
practice is to have a small network in a lab where you can test your
firewall rules with a subset of different IPs. Remember to always save
firewall rule chains to disk before they are modified, and back them up
somewhere other than the firewall machine itself.


Posted by sagitraz
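
The umask point in the answer above, as an added example that is not part of the original post: it reads the umask a profile file sets, shows the permissions a new file gets under 022 and under 077, and lists what ends up world-readable. The function names and the throwaway directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: every file is constructed in a throwaway directory.
# Function names are hypothetical.

# Print the last umask value a profile-style file sets (e.g. /etc/profile).
profile_umask() {
    awk '$1 == "umask" && $2 ~ /^[0-7]+$/ { v = $2 } END { if (v != "") print v }' "$1"
}

# Create an empty file under the given umask and print its permission string.
mode_under_umask() {
    ( umask "$1" && : > "$2" ) || return 1
    ls -l "$2" | cut -c1-10
}

# List regular files under a directory that every local user can read.
world_readable() {
    find "$1" -type f -perm -004 -print | sort
}

home=$(mktemp -d)
printf 'PATH=/usr/bin\numask 022\n' > "$home/profile"
echo "profile umask: $(profile_umask "$home/profile")"
echo "umask 022 -> $(mode_under_umask 022 "$home/notes.txt")"
echo "umask 077 -> $(mode_under_umask 077 "$home/private.txt")"
echo "world-readable:"; world_readable "$home"
rm -rf "$home"
```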
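
The firewall-testing advice in the answer above, as an added example that is not part of the original post: a lab check that backs up the current rule file before anything changes and rejects a candidate in which an unconditional DROP sits in the middle of a chain. It assumes rules in iptables-save format (the post names no format); the function names and the sample rule file are constructed for the illustration.

```shell
#!/bin/sh
# Added example. The rule file is constructed sample data in iptables-save
# format (an assumption; the post names no format). Function names are hypothetical.

# Copy a rules file into a backup directory under a timestamped name,
# verify the copy byte for byte, and print the backup path.
backup_rules() {
    dest="$2/$(basename "$1").$(date +%Y%m%d%H%M%S)"
    cp "$1" "$dest" && cmp -s "$1" "$dest" && printf '%s\n' "$dest"
}

# Report rules that can never match because an unconditional DROP
# appears earlier in the same chain.
shadowed_rules() {
    awk '
        $1 == "-A" {
            if ($2 in dropped)
                printf "%s: line %d unreachable after line %d\n", $2, NR, dropped[$2]
            else if (NF == 4 && $3 == "-j" && $4 == "DROP")
                dropped[$2] = NR
        }
    ' "$1"
}

# Lab gate: back up the current rules first, then reject a candidate
# whose chains contain shadowed rules. $1=current $2=candidate $3=backup dir
check_candidate() {
    backup_rules "$1" "$3" >/dev/null || return 2
    report=$(shadowed_rules "$2")
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed candidate: the DROP on line 4 cuts off the SSH rule on line 5.
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

work=$(mktemp -d) && write_sample "$work/rules.v4"
check_candidate "$work/rules.v4" "$work/rules.v4" "$work" || echo "candidate rejected"
rm -rf "$work"
```

In real use the backup directory would sit on a host other than the firewall, as the post recommends.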

Copyright © Telecom Training, All Rights Reserved