Re: security for a home system

[Douglas Allan Tutty <dtutty@porchlight.ca>]

On Tue, Apr 24, 2007 at 03:16:47AM -0700, Paul Johnson wrote:
> Douglas Allan Tutty wrote in Article <[🔎] 20070423133018.GA9626@titan> posted to
> gmane.linux.debian.user:
> 
 
> It never hurts to have a border router between your network and the
> Internet, with only the ports you intend to use forwarded to the
> appropriate server.

You wouldn't consider a firewall box hooked up to my analog modem
overkill?

> 
> >> > If ssh isn't even listening on external interfaces, does it matter if I
> >> > allow root to ssh (useful for rsyncing backups between the boxes)?
> >> 
> >> I would recommend against allowing root ssh just in case.  It's not that
> >> hard to sudo anyway.
> > 
> > But then how do I rsync the backups?  For example, if I make it so that
> > group adm can read everything, and I'm in group adm, should I just rsync
> > it with my user name?  OTOH, doesn't having group adm able to read the
> > backups cause a decrease in security?  If someone then gets adm access,
> > they can read everything in the backups.
> 
> rsync and ssh aren't the same, so I'm a little confused where you're coming
> from here.

rsync uses ssh as the transport layer, similar to scp.

Yes, I _could_ set up an rsync daemon on each box but then everything is
going over the network enclare.

Doug.