how can they get in?
here's the deal:
- i have a dedicated linux server (RH 8.0)
- a hardware firewall (snapgear lite plus) with three ports open: 22, 80, 443
- up-to-date versions of openssh, openssl, zlib, java, apache, tomcat, mysql (basically, it's used as a web server, and nothing else)
currently, i don't have anything listening to 443 - this will eventually be used for getting sensitive user data. (nmap only sees 22 and 80)
there are two user ids, both of which have random passwords.
how might a hacker get into this system?
the reason i ask is that i'm getting close to going live, and i've been working under the assumption that with very few processes and virtually no open ports, i should be ok. but given this type of system, what kinds of attacks are there? (i'm more concerned about data being compromised than DoS)
daniel