Differences
This shows you the differences between two versions of the page.
howto:hardening [2012/03/06 22:04] – [Settings to Harden] - document cleanups magikh0e | howto:hardening [2012/03/06 22:34] – [Disable Plain Text Protocols] - added logging section magikh0e | ||
Line 5: | Line 5: | ||
===== Identifing your version of Synchronet ===== | ===== Identifing your version of Synchronet ===== | ||
- | Use of this document requires you to know which version of the software you are using. To identify what version | + | Use of this document requires you to know which version of the software you are using and ensuring you are using the most up-to-date |
- | On linux run: exec/sbbs - The version will be listed on the first line. | + | To identify what version of Synchro you are running: |
- | On Windows: | + | **Linux**: exec/sbbs -h |
+ | **Windows**: From the // | ||
+ | To check the latest available version of Synchro: [[http:// | ||
===== Why Harden My Server ===== | ===== Why Harden My Server ===== | ||
An Attacker can us various tactics to compromise a system - The reasons for compromising a system can include; | An Attacker can us various tactics to compromise a system - The reasons for compromising a system can include; | ||
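Review bot: the rewritten opening sentence of the Identifying section is not grammatical ("requires you to know which version ... and ensuring you are using the most up-to-date"); make the two parts parallel, e.g. "requires you to know which version of the software you are using and to ensure you are running the most up-to-date release." The heading "Identifing your version of Synchronet" is misspelled on both sides (should be "Identifying"), and the new lines alternate between "Synchronet" and "Synchro"; use the full product name throughout. The removed Linux line told the reader where the version appears ("The version will be listed on the first line"); the replacement "**Linux**: exec/sbbs -h" drops that, so add back a sentence saying what to look for in the output. In the unchanged context, "An Attacker can us various tactics" should read "use".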
Line 57: | Line 59: | ||
* **Enabling SSH on Win32**: | * **Enabling SSH on Win32**: | ||
- | * From the // | + | * From the // |
* Disable FTP | * Disable FTP | ||
* FTP is not a secure method of transferring information - at any given time it's possible FTP sessions could be intercepted (most dangerous during authentication) | * FTP is not a secure method of transferring information - at any given time it's possible FTP sessions could be intercepted (most dangerous during authentication) | ||
- | * **Disable FTP on Win32**: From the // | + | * **Disable FTP on Win32**: From the // |
* Don't enable HTTP with basic auth | * Don't enable HTTP with basic auth | ||
* HTTP with basic auth is not a secure method of transferring information - at any given time it's possible HTTP with basic auth sessions could be intercepted | * HTTP with basic auth is not a secure method of transferring information - at any given time it's possible HTTP with basic auth sessions could be intercepted | ||
* Change: Configuration Value | * Change: Configuration Value | ||
- | * **Disable Web Server on Win32**: From the // | + | * **Disable Web Server on Win32**: From the // |
* Don't enable NNTP | * Don't enable NNTP | ||
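Review bot: the three Win32 lines changed in this hunk (Enabling SSH, Disable FTP, Disable Web Server) are cut off at "From the //" on both sides of this view, so the substance of the edit cannot be reviewed here; please confirm on the rendered page that each names the concrete menu and setting. Separately, the bullet "Change: Configuration Value" under the HTTP basic auth item is a placeholder on both sides and names no key; state the actual configuration value and where it lives, as the neighbouring items do. The FTP and HTTP items explain the interception risk but not the alternative; a pointer to the SSH item above (and to what to use in place of basic auth if the web server must stay on) would make the section self-contained.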
Line 87: | Line 89: | ||
* If you only play to send mail on your BBS | * If you only play to send mail on your BBS | ||
* SendMail | * SendMail | ||
+ | |||
+ | === Logging === | ||
+ | **Unix**: [[config: | ||
+ | |||
===== Hardening Suggestions for 3.16: ===== | ===== Hardening Suggestions for 3.16: ===== | ||
- | * Passwords should not be echo'd to the log/console | ||
- | * Set SCFG-> | ||
- | * Alternatively, | ||
- | * Disable passwords being sent in emails | ||
- | * Set email_passwords=false in the [login] section of the ctrl/ | ||
* Disable Showing Version information to clients | * Disable Showing Version information to clients | ||
- | * text/ | + | * text/ |
Things to Investigate: | Things to Investigate: | ||
- | @NUMDIR@ - JS_VER - LIB LIBL - LN - MSG_LIB - SOCKET_LIB | + | //**@NUMDIR@**// - //**@JS_VER**// - //**@LIB LIBL**// - //**@LN**// - //**@MSG_LIB**// - //**@SOCKET_LIB**// |
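Review bot: the new Logging section consists only of "**Unix**: [[config:" with no Windows counterpart, while every other item in the document gives both a Linux/Unix and a Win32 instruction; add the Windows equivalent or say the setting is platform-independent. This hunk also removes five lines from the 3.16 suggestions (passwords should not be echoed to the log/console, the SCFG setting and its alternative, and email_passwords=false in the [login] section; the ctrl/ path is truncated in this view) without a visible replacement; if they moved into the Logging section or elsewhere, link to the new location, otherwise restore them, since the password-echo item is exactly the guidance a logging section should carry. In the unchanged context, "If you only play to send mail" should be "plan". On the "Things to Investigate" line, the new markup keeps the closing "@" on "@NUMDIR@" but drops it from "@JS_VER" through "@SOCKET_LIB"; make the @-code spelling consistent so readers can search for the codes.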