How much security is "enough"?

I'm helping a friend set up a new server. It is going to be used by a small group of people that she knows well.

She has done all the "normal" things. Disabled telnet and set up ssh. Disabled all the unnecessary services (almost nothing is running via inetd).

But her question to me was "how far should I take this".

For example:


This is starting to get close to the "line" in my point of view. Disabling ftp will work in her situation because her group all knows how to use scp, but it is a bit of a pain.

I was really wondering about how many people have actually cracked into a server by snagging a telnet/ftp/pop id/password?

Thanks,

Frank

 

 

 

 
