
ipfilter

 
BenCheer.com
Occasional Contributor

ipfilter

My company is using HP-UX 11i v2. I've built up an Apache HTTP server and use ipf as the firewall.
Ports 80, 443
I try to check the ipf log for traffic that passes through those ports, and check the Apache log for whether it contains executable commands such as ....././passwd, ././chmod, etc.

My question is: is what I am checking enough or not?

Thanks a lot
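
The Apache log check described in the question above, as an added example that is not part of the original post: it parses access-log lines, percent-decodes the request target repeatedly so encoded traversal is still seen, and reports which rule matched together with the status the server returned. The rule set, function names and sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Apache common/combined log format: host ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')

# Rule set is an assumption built from the strings named in the post; tune per site.
RULES = {
    "path_traversal": re.compile(r'\.\.+[/\\]'),
    "sensitive_file": re.compile(r'[/=\\](passwd|shadow)\b', re.I),
    "command_name": re.compile(r'\bchmod\b|/bin/(sh|ksh|csh)\b', re.I),
}

def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so %252e%252e%252f is still seen as ../"""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def scan(lines):
    """Return (line number, client, status, matched rule names) per suspicious line."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            # A line the parser cannot read is reported, never silently skipped.
            findings.append((lineno, None, None, ["unparsed_line"]))
            continue
        host, request, status = m.groups()
        parts = request.split()
        target = fully_decode(parts[1] if len(parts) >= 2 else request)
        hits = [name for name, rx in RULES.items() if rx.search(target)]
        if hits:
            findings.append((lineno, host, int(status), hits))
    return findings

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2006:10:01:02 +0800] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Mar/2006:10:01:05 +0800] "GET /cgi-bin/view?f=../../../etc/passwd HTTP/1.0" 404 289',
    '198.51.100.7 - - [12/Mar/2006:10:01:09 +0800] "GET /docs/%252e%252e%252f%252e%252e%252fetc/passwd HTTP/1.0" 400 301',
    '203.0.113.44 - - [12/Mar/2006:10:02:11 +0800] "GET /cgi-bin/form?cmd=chmod+777+/tmp/x HTTP/1.1" 200 12',
    '203.0.113.9 - - [12/Mar/2006:10:03:00 +0800] "GET /help/change-passwd.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A flagged request that was answered with a 2xx status is the one to look at first, since the server served it rather than rejecting it.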
6 REPLIES
Peter Godron
Honored Contributor

Re: ipfilter

Hi,
Seems you are checking all the correct files, but what are you trying to prevent/detect?
BenCheer.com
Occasional Contributor

Re: ipfilter

Hi,
My supervisor wants me to prevent hacking from the internet.
Steven E. Protter
Exalted Contributor

Re: ipfilter

Shalom,

Go with an ipfilter configuration that first rejects all pass through, and then accepts only 80 and 443.

This will limit traffic to your machine to those two ports alone.

This alone is not enough to prevent hacking but it will limit their options. It's still possible to exploit web server flaws and gain access to the box.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
BenCheer.com
Occasional Contributor

Re: ipfilter

If I try putting a firewall (such as Check Point) in front of the Unix box, then put the web server (Unix) within the DMZ, is it much better?

thx
Robert Fritz
Regular Advisor

Re: ipfilter

I'd also suggest going through your http.conf file and removing any module support you don't need, and the functionality you don't use. Also, you may consider using HP-UX Bastille to harden your system further.

-R
"Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin
BenCheer.com
Occasional Contributor

Re: ipfilter

Thanks