If this is behind a firewall, then block all other ports on the
firewall. If not, then I would suggest IPTABLES for you. Also check for
any services running that you do not need and disable them. In
addition to those basics, run your SFTP daemon as a local user to
avoid exposing a service under root to the Internet. If your external
users that will be using the service are fixed IP machines, then allow
only those machines.
I would also suggest an IDS such as Snort, for example. Other things to
account for are services this machine offers to more than one network.
If you have other services being offered to your internal LAN, for
example, then you might want to bind each service to its corresponding
network address to avoid external users, for example, using your
internal services.
Could you tell me more about your setup and the machine?
Regards,
Mario
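The allow-list approach suggested in the reply above, as an added example that is not part of the original post: a shell function that prints an iptables-restore ruleset dropping all inbound traffic except SFTP from a fixed list of client IPs. The function names, port 22 and the RFC 5737 sample addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Addresses are constructed
# RFC 5737 documentation-range samples; port 22 is an assumption.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros
        [ "$octet" -le 255 ] || return 1
    done
}

# sftp_ruleset PORT ADDR...: print the ruleset; fail before printing
# anything if the port or any address is malformed.
sftp_ruleset() {
    port=$1; shift
    case "$port" in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    [ "$#" -ge 1 ] || { echo "no client addresses given" >&2; return 1; }
    for addr in "$@"; do
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'        # default-deny: every other port is closed
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for addr in "$@"; do            # one rule per fixed-IP client
        echo "-A INPUT -p tcp -s $addr --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Print a sample ruleset; as root, pipe it to `iptables-restore --test`
# to parse it without committing.
sftp_ruleset 22 192.0.2.10 198.51.100.7
```

These rules cover IPv4 only; IPv6 traffic is filtered separately by ip6tables. If you manage the machine over SSH, make sure your own address is in the list before loading the ruleset.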