
Re: secure installation



Quoting R. W. Rodolico (rod@dailydata.net):

> Firewalls are for a stupidity shield. I had a situation where I was
> cracked on one of my servers a few years ago. It was totally my fault; I
> had a user I had mistakenly set up as an authorized ssh user who
> shouldn't have been. Their account was cracked, then the cracker got root
> access and installed a daemon that was ready to attack another server.
> 
> My firewall gave one yelp, the cracker realized what was going on and told
> the firewall to shut up, basically. However, I got that one yelp from the
> firewall, investigated, and fixed the issue.

One notes that a ruleset that merely logged (prominently) a suspicious
bit of network traffic that probably shouldn't exist would suffice.
Actual IP/port filtering is orthogonal.

A properly targeted file-based IDS would be very useful for that threat
model, too.

My perspective is influenced by the fact that all attempts to help
debug Linux networking failures have to start with "What does
/sbin/iptables -L, run as root, say?" and "What's in /etc/hosts.allow and
/etc/hosts.deny?" -- because people shooting at their pedal extremities
with those, without any idea what they're doing, is a leading cause of
networking problems.

-- 
Cheers,              English is essentially Plattdeutsch as spoken 
Rick Moen            by a Frisian pretending to be French.
rick@linuxmafia.com  -- Andreas Johansson, http://ccil.org/~cowan/essential.html
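As an added illustration of the two points above (a log-only ruleset, and a file-based check for the same threat model), here is example shell that is not part of the original message or of any project it mentions. It assumes iptables-restore syntax and GNU coreutils (sha256sum); the interface name, addresses, log prefix and kernel-log lines are constructed for the example, not taken from the thread.

```sh
#!/bin/sh
# Added example: a ruleset whose OUTPUT chain filters nothing (policy ACCEPT,
# no DROP anywhere) but logs every NEW outbound connection the host
# originates.  That is the "one yelp" from the story: a server that should
# only answer requests suddenly opening connections of its own.
log_only_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -m conntrack --ctstate NEW -m limit --limit 10/min --limit-burst 20 -j LOG --log-prefix "NEW-OUTBOUND: " --log-level warning
COMMIT
EOF
}
# Load with:  log_only_rules | iptables-restore   (as root; not run here).

# Constructed kernel-log lines showing what such a LOG rule emits
# (the eth0/192.0.2.x/198.51.100.x values are documentation addresses).
sample_kernel_log() {
    cat <<'EOF'
May  3 02:14:07 srv kernel: NEW-OUTBOUND: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=40122 DPT=6667 WINDOW=29200 RES=0x00 SYN URGP=0
May  3 02:14:08 srv sshd[2311]: Accepted password for backup from 203.0.113.5 port 51022 ssh2
EOF
}

# How many yelps, and where the box tried to connect (DST:DPT).
alert_count() { sample_kernel_log | grep -c 'NEW-OUTBOUND: '; }
alert_dsts()  { sample_kernel_log | sed -n 's/.*NEW-OUTBOUND: .*DST=\([0-9.]*\).*DPT=\([0-9]*\).*/\1:\2/p'; }

# The file-based IDS point, reduced to its core: record a checksum baseline
# of a few files an intruder tends to touch, then verify against it.  The
# files and the "intruder" edit are constructed in a temporary directory.
fim_demo() {
    dir=$(mktemp -d)
    printf 'PermitRootLogin no\n' > "$dir/sshd_config"
    printf '#!/bin/sh\n' > "$dir/rc.local"
    ( cd "$dir" && sha256sum sshd_config rc.local > baseline.sha256 )
    # Simulated post-compromise change: a startup hook for a planted daemon.
    printf '#!/bin/sh\n/tmp/.x/daemon &\n' > "$dir/rc.local"
    if ( cd "$dir" && sha256sum -c --quiet baseline.sha256 >/dev/null 2>&1 ); then
        result=clean
    else
        result=changed
    fi
    rm -rf "$dir"
    echo "$result"
}

echo "alerts: $(alert_count)"
echo "targets: $(alert_dsts)"
echo "integrity: $(fim_demo)"
```

Two caveats that follow from the story itself: the rate limit keeps an intruder from burying the log under noise, but an intruder with root can flush the rules or stop syslog, so the yelp is only useful if it leaves the box (remote syslog) before that happens; and a checksum baseline is only trustworthy if it is stored somewhere the same root cannot rewrite.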


