
Re: My machine was hacked - possibly via sshd? - old/new



hi ya malcolm

On Mon, 28 Mar 2005, Malcolm Ferguson wrote:

> A very good lesson for me.

and for everybody reading the lists :-), we're sorry you were 
volunteered for the task today :-)
 
> I'm curious though about your statements telling me that everything I 
> have is old and that I should be using new versions.  This makes me ask: 
> what is the point of Debian stable?  Everything but the kernel was a 
> Debian stable package with all the latest security patches.

there are 2 schools of thought:

	- fix it daily, upgrade "now" ( aka sid in debian world )
	- or -
	- if it ain't broke, leave it alone (aka stable in debian world)
	( and more than likely.. by touching it... it is now broken )

both have merits to its favors
both have serious consequences to its demise

neither is right for everybody for all situations ..
neither is right for some for some situations .. but what ya gonna do,
write your own ?? ( yupperz :-)

Neither approach will protect you against things that are "NOT" in the
*.deb packages ... some things, people have to learn by
"personal" experience, sometimes more than once before it sinks in

things that *.deb won't help protect your machines/data are things like:
	- allow only certain ip# to ssh into your pc
	- don't use clear text passwd
	- choose good passwds
	- disallow user login into machines exposed to the outside
	- have 100% working/tested/functional backups
	-
	- testing things before deploying
	-
	- ASSUME THAT YOU ARE BEING SNIFFED 24x7x365
	-
	- ASSUME THAT THEY HAVE INSTALLED A KEYBOARD SNIFFER
	  ( they should need physical access to use the passphrase info ) 
	-
	- ... endless lists of googlezillion[tm] security items


> With your suggestions and those from others, I have some more ideas 
> about how to harden this machine.  I've also been looking (again) at the 
> securing Debian manual, but I think some of it is out of date (written 
> for Debian 2.2???).

more fun collection of boring reading ..
	http://Linux-Sec.net

what are you gonna harden ?? and what is the intended goal and
time to spend on each ??

	- "how" is hardening gonna prevent similar breakins

	- the kernel ? - with what apps .. there's about 30 kernel
	hardening apps
		http://Linux-Sec.net/Kernel

	- ssh ?? with what ?? -- hosts.allow/deny, passphrase
	- apache ??
	- mysql ??
	- exim/sendmail/..
	- php ??

	- what are the most common security announcements and patches ?

security stuff *.deb can't help you, but will(should) help cover your
machines "better", more effectively than just daily patching

	- clear text passwd policy ( passwd is 123abc, ma1c01m )
	- wireless access policy ( they can see you from the mountain top )
	- vpn access policy ?? ( if you can get in, they can too )
	- dhcp access policy ?? ( aka allow anybody to connect and sniff )
	- passwd policy ?? ( no passwdless login, human typing required
				from specific machines only )
	- email policy ?? ( antivirus, antispam .. )
	- computer data policy ?? ( backups )
	- user account policy ??

	- endless list

==
== anything you can do ... they can do too
==

fun stuff ... 

c ya
alvin
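Editor's added example, not part of alvin's reply or of any Debian package: a small POSIX shell audit of the sshd settings the message keeps coming back to (no clear-text password logins, no root login over ssh, an explicit list of who may log in and from where). The two sshd_config samples it writes are constructed for the demo; the `SSHD_CONFIG` variable, the function names and the user/host values are assumptions. It follows sshd's own rule that the first occurrence of a keyword wins, and ignores `Match` blocks.

```shell
#!/bin/sh
# Added example (not from the original thread). Audits an sshd_config for the
# hardening points listed in the message. Set SSHD_CONFIG to audit a real file,
# e.g.  SSHD_CONFIG=/etc/ssh/sshd_config sh audit.sh

# Print the effective value of one sshd_config keyword.
# sshd uses the FIRST occurrence of a keyword, so we stop at the first match;
# keywords are case-insensitive, comment lines are skipped.
sshd_opt() {
    # $1 = config file, $2 = keyword
    key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v key="$key" '
        /^[[:space:]]*#/ { next }
        tolower($1) == key { print $2; exit }
    ' "$1"
}

# Constructed sample: the kind of defaults a fresh install might still carry.
write_weak_config() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config (weak)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
}

# Constructed sample: the same file after applying the message's advice.
# AllowUsers user@host restricts both the account and the source address
# (192.0.2.10 is a documentation address used here as a placeholder).
write_hardened_config() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config (hardened)
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers malcolm@192.0.2.10
EOF
}

# Print one FINDING line per weak setting; the return value is the number
# of findings, so 0 means the file passes all three checks.
audit_sshd_config() {
    cfg="$1"
    findings=0
    if [ "$(sshd_opt "$cfg" PermitRootLogin)" != "no" ]; then
        echo "FINDING: PermitRootLogin is not 'no' (root reachable from the network)"
        findings=$((findings + 1))
    fi
    if [ "$(sshd_opt "$cfg" PasswordAuthentication)" != "no" ]; then
        echo "FINDING: PasswordAuthentication is not 'no' (clear-text passwords accepted)"
        findings=$((findings + 1))
    fi
    if [ -z "$(sshd_opt "$cfg" AllowUsers)" ]; then
        echo "FINDING: no AllowUsers list (any local account may log in from anywhere)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Stand-alone demo: audit the real file if present, otherwise the weak sample.
target="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
if [ ! -r "$target" ]; then
    target=$(mktemp)
    write_weak_config "$target"
fi
echo "auditing $target"
audit_sshd_config "$target" || echo "$? finding(s) to fix"
```

Run it with no arguments to see the three findings on the constructed weak sample, or point `SSHD_CONFIG` at a real file. The check deliberately reads the first value of each keyword because that is what sshd honours; a hardened line appended below an earlier `PasswordAuthentication yes` does nothing, which is a common way for a "fixed" config to stay open.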


