Hi,
I currently manage two DSS servers located at a data center. They both have one network card connected directly to the internet for remote configuration.
I do not have any problem with the DSS having a lot of ports open towards our storage network, but having over 2000 open ports to the internet gives me quite a headache.
For example: I use the FTP service, but I don't need it to be seen over the internet. (nmap said it's a ProFTPD, which had quite some security issues over the last years.)
I use SMB, but I don't think everyone who scans the hosts should see what the name of my workgroup is.
And so on.
I only need port 443 (http-SSL) to be open to the outside world for configuration.
I would be happy if I could filter the 4097 other ports currently being seen as "open" to a Nessus scan.
As I do not have a hardware firewall in front of the NICs to the internet of the DSS boxes, I was wondering why there is no possibility to set up a simple iptables firewall on the servers, as they are running Linux anyway.
Unfortunately, there is no way to SSH into the DSS servers (so I could set it up myself). I hereby add this to my wishlist :-)
Here you can find a Nessus scan result of one of the boxes:
http://streikt.net/dss.html
It says it is possible to connect as "guest" to SMB.
I tried it, and this is true. OK, you cannot connect to any of the shared folders, as I set them to be only readable by authenticated users, but you can see their names. That's not nice.
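
The kind of "simple iptables firewall" the post asks for, as an added example that is not part of the original post and not DSS functionality: a shell function that emits an `iptables-restore` ruleset allowing only TCP 443 on the internet-facing NIC while leaving the storage NICs open. It assumes a generic Linux host with shell access; the function names and the interface names `eth0`/`eth1` are assumptions.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset that exposes only HTTPS
# on the internet-facing NIC. Interface names are constructed placeholders.

valid_if() {
    # Accept only plain interface names so nothing odd lands in the ruleset.
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

gen_rules() {
    # $1 = internet-facing interface, remaining args = storage-network interfaces
    [ "$#" -ge 1 ] || { echo "usage: gen_rules WAN_IF [STORAGE_IF...]" >&2; return 2; }
    for i in "$@"; do
        valid_if "$i" || { echo "bad interface name: $i" >&2; return 2; }
    done
    wan=$1; shift

    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'      # default-deny inbound: FTP, SMB etc. vanish from scans
    printf '%s\n' ':FORWARD DROP [0:0]'    # a storage box should not route between networks
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Replies to connections the box itself opened (DNS, NTP, updates).
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Storage network stays fully reachable, as the post wants.
    for lan in "$@"; do
        printf '%s\n' "-A INPUT -i $lan -j ACCEPT"
    done
    # The only new inbound traffic allowed from the internet: the HTTPS admin UI.
    printf '%s\n' "-A INPUT -i $wan -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT"
    printf '%s\n' 'COMMIT'
}

# Print the ruleset for the constructed interface names. To syntax-check it
# without loading it (needs root): gen_rules eth0 eth1 | iptables-restore --test
gen_rules eth0 eth1
```

This covers IPv4 only; a host with IPv6 enabled needs the equivalent ruleset loaded through `ip6tables-restore`. After loading, repeating the external scan should show only 443/tcp as open on the internet-facing address.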