
backups Re: Have I been sniffed?



hi ya

On Fri, 27 Aug 2004, Bradley M Alexander wrote:

> Depends. I have wireless, and three things I do, from least to most
> draconian:
> 
> 1. Turn off SSID broadcasting.
> 2. Turn on WEP as high as possible (DLinks will do up to 256 bit).
> 3. Tunnel wireless traffic through a VPN (e.g. OpenVPN).
> 
> I recommend doing 1 and 2 anyway, and 3 if you need it.

i equate the "wireless" between two wireless pcs to be the equivalent
of 2 wired pcs..
	- anybody ( in the world ) can sniff the copper wire 
	- anybody ( local in your area ) can sniff the air
 
	- which is worse ??

- i use ssh .. on the wire ... ssh over the air should be just as good ?

- if wep is turned on .... ssh data is then wep'd as it's sent across 
  and if they decode the data because they deciphered the wep key,
  all they should hopefully see is more ssh encrypted packets

- or am i missing something

> The government documents usually recommend 90 days unless you have higher
> requirements.

:-) low security gov site or high-computer-security gov site ??
 
> And use key-based authentication rather than password based. Passwords used
> in ssh are still sent over the network, whereas, passphrases are kept
> local, as they are only used to decrypt the private key.

from what i understand, maybe incorrectly, if one were to hack your
box and grab your /etc/ssh keys, one can masquerade as your box ...
and if no "human needs to type anything" then that cracker box
can see everything .. since it has the ssh host keys and no app
is asking ... "hey joe, type your secret pass phrase now, you have 3
seconds and 3 tries to get it right"

> > - always make rotating backups ...
> > 	- even days to the even backup server
> > 	- odd days backup to the odd backup server
> 
> Good idea, the only problem is that most breaches are not detected within 2
> days,

that was a simplified example .... personally, i like to span my backups
over a year ... where "good data" is kept intact for as long as reasonable
	- golden rule: no backup file ever overwrites a previous backup file
	- and of course to as many different backup servers as possible

>  so it is likely that both backup servers are going to be compromised
> if one is. Of course, if you are running a host-based IDS, you will know
> exactly when the breach occurred, and which backups to restore from.

that's the fun of the game ... how long to detect the sleeper and how long
to rebuild from bare metal

c ya
alvin
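alvin's backup rules from this message (even/odd servers by day, date-stamped archives, never overwrite an earlier one), written out as an added POSIX sh script that is not part of the thread; the server names, paths and date format are assumptions:

```shell
#!/bin/sh
# Added example, not from the list thread. Server names are placeholders.
EVEN_SERVER="even-backup.example"
ODD_SERVER="odd-backup.example"

# pick_server DAY_OF_MONTH -> even days go to the even server, odd days to the odd one
pick_server() {
    if [ $(( $1 % 2 )) -eq 0 ]; then
        printf '%s\n' "$EVEN_SERVER"
    else
        printf '%s\n' "$ODD_SERVER"
    fi
}

# archive_name SRC_DIR DATE -> date-stamped tarball name, so a year's worth
# of backups can sit side by side instead of replacing each other
archive_name() {
    printf '%s-%s.tar.gz\n' "$(basename "$1")" "$2"
}

# make_backup SRC_DIR DEST_DIR DATE
# Golden rule: an existing archive is never overwritten. Returns 2 if the
# target already exists, so a compromised host cannot quietly replace good
# history with a tampered copy; otherwise writes the tarball and returns 0.
make_backup() {
    src=$1; dest=$2; name=$(archive_name "$1" "$3")
    if [ -e "$dest/$name" ]; then
        echo "refusing to overwrite $dest/$name" >&2
        return 2
    fi
    tar -czf "$dest/$name" -C "$(dirname "$src")" "$(basename "$src")"
}
```

Run it from cron with today's date, e.g. `make_backup /home/data /mnt/$(pick_server "$(date +%d)") "$(date +%F)"`, and the second run on the same day is refused rather than silently replacing the first.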


