Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
howto:hardening [2012/03/06 22:10] – [Disable Plain Text Protocols] - removed repetitive step from instructions magikh0e | howto:hardening [2014/07/25 02:29] (current) – Synchronet supports Digest auth now, you don't need to disable the server to disable Basic auth deuce | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Hardening the Synchronet Servers ====== | ====== Hardening the Synchronet Servers ====== | ||
- | Hardening a system is the process in which an administrator or systems operator reduces the chance an attacker can either gain access or information from a system. | + | Hardening a system is the process in which an administrator or systems operator reduces the chance an attacker can either gain access or information from a system. |
===== Identifing your version of Synchronet ===== | ===== Identifing your version of Synchronet ===== | ||
- | Use of this document requires you to know which version of the software you are using. To identify what version | + | Use of this document requires you to know which version of the software you are using and ensuring you are using the most up-to-date |
- | On linux run: exec/sbbs - The version will be listed on the first line. | + | To identify what version of Synchro you are running: |
- | On Windows: | + | **Linux**: exec/sbbs -h |
+ | **Windows**: From the // | ||
+ | To check the latest available version of Synchro: [[http:// | ||
===== Why Harden My Server ===== | ===== Why Harden My Server ===== | ||
An Attacker can us various tactics to compromise a system - The reasons for compromising a system can include; | An Attacker can us various tactics to compromise a system - The reasons for compromising a system can include; | ||
Line 17: | Line 19: | ||
===== Settings to Harden ===== | ===== Settings to Harden ===== | ||
- | Some settings I'm proposing to harden include. | ||
- | |||
This guide will cover hardening synchronet from a security point of view, as well as an operational security point of view. Sometimes hardening breaks or removes functionality.. | This guide will cover hardening synchronet from a security point of view, as well as an operational security point of view. Sometimes hardening breaks or removes functionality.. | ||
Line 50: | Line 50: | ||
==== Disable Plain Text Protocols ==== | ==== Disable Plain Text Protocols ==== | ||
- | //Note//: By hardening some of these functions below, you may also remove | + | //Note//: By hardening some of these functions below, you may also remove |
* Blocking telnet and Enabling SSH. | * Blocking telnet and Enabling SSH. | ||
Line 65: | Line 65: | ||
* Don't enable HTTP with basic auth | * Don't enable HTTP with basic auth | ||
- | * HTTP with basic auth is not a secure method of transferring information - at any given time it's possible HTTP with basic auth sessions could be intercepted | + | * HTTP with basic auth is not a secure method of transferring information - at any given time it's possible HTTP, with basic auth sessions, could be intercepted |
* Change: Configuration Value | * Change: Configuration Value | ||
- | | + | |
+ | | ||
* Don't enable NNTP | * Don't enable NNTP | ||
Line 85: | Line 86: | ||
* If you plan to recieve mail on your BBS | * If you plan to recieve mail on your BBS | ||
* POP3 and SMTP | * POP3 and SMTP | ||
- | * If you only play to send mail on your BBS | + | * If you only plan to send mail on your BBS |
* SendMail | * SendMail | ||
+ | |||
+ | === Logging === | ||
+ | **Unix**: [[config: | ||
+ | |||
===== Hardening Suggestions for 3.16: ===== | ===== Hardening Suggestions for 3.16: ===== | ||
- | * Passwords should not be echo'd to the log/console | ||
- | * Set SCFG-> | ||
- | * Alternatively, | ||
- | * Disable passwords being sent in emails | ||
- | * Set email_passwords=false in the [login] section of the ctrl/ | ||
* Disable Showing Version information to clients | * Disable Showing Version information to clients | ||
- | * text/ | + | * text/ |
Things to Investigate: | Things to Investigate: | ||
- | @NUMDIR@ - JS_VER - LIB LIBL - LN - MSG_LIB - SOCKET_LIB | + | //**@NUMDIR@**// - //**@JS_VER**// - //**@LIB LIBL**// - //**@LN**// - //**@MSG_LIB**// - //**@SOCKET_LIB**// |