On Mar 14, 2007, at 9:15 PM, Scott Quinn wrote:
> I have seen some ontopic books (UNIX, 10 years old now) that
> strongly recommend disabling finger to prevent unauthorized types
> from finding likely targets among the accounts. Since then, finger
> services (such as cfingerd) have become less of an issue because
> you can limit some information, but it's likely that the old maxim
> still holds, as well as the new one: if you don't positively need
> it then don't turn it on. Too bad, though: 'finger' was nice when
> you wanted to get an e-mail address that you weren't certain of.
> (after the demise of finger in general circulation I used to
> connect to port 25 and try a couple of vrfys- can't do that anymore
> in most places, but it's a "legitimate" need for port 25, right?)

Yeah, and I just ran a Nessus scan against a web server at work,
and it recommended that I close port 80 because it's a potential
security risk. The only way the data on a machine is 100% secure is
if the machine is disconnected from the network, powered off, and
sitting in a closet. If one requires more usefulness than that
configuration provides, there is going to be some element of risk.
There's just no way around it.
-Dave
--
Dave McGuire
Port Charlotte, FL