
Re: backups Re: Have I been sniffed?



On Fri, Aug 27, 2004 at 01:25:21PM -0700, Alvin Oga wrote:
> 
> hi ya
> 
> On Fri, 27 Aug 2004, Bradley M Alexander wrote:
> 
> > Depends. I have wireless, and three things I do, from least to most
> > draconian:
> > 
> > 1. Turn off SSID broadcasting.
> > 2. Turn on WEP as high as possible (DLinks will do up to 256 bit).
> > 3. Tunnel wireless traffic through a VPN (e.g. OpenVPN).
> > 
> > I recommend doing 1 and 2 anyway, and 3 if you need it.
> 
> i equate the "wireless" between two wireless-pc to be the equivalent
> of 2 wired-pcs..
> 	- anybody ( in the world ) can sniff the copper wire 
> 	- anybody ( local in your area ) can sniff the air
>  
> 	- which is worst ??


Wireless is worse because in order to sniff the wire, you have to be
physically connected. With wireless, I can sit in my car or one of your
neighbor's houses and get the same information.
 
> - i use ssh .. on the wire ... ssh over the air should be just as good ?

Yes, it should be.

> - if wep is turned on .... ssh data is then wep'd as its sent across 
>   and if they decode the data because they deciphered the wep key,
>   all they should hopefully see is more ssh encrypted packets
> 
> - or am i missing something

No, this is accurate.

> > The government documents usually recommend 90 days unless you have higher
> > requirements.
> 
> :-) low security gov site or high-computer-security gov site ??

Low and medium security risk.

> > And use key-based authentication rather than password based. Passwords used
> > in ssh are still sent over the network, whereas, passphrases are kept
> > local, as they are only used to decrypt the private key.
> 
> from what i understand, maybe incorrectly, if one were to hack your
> box and grab your /etc/ssh keys, one can masquerade as your box ...
> and if no "human needs to type anything" that that cracker box
> can see everything .. since it has the ssh host keys and no app
> is asking ... "hey joe, type your secret pass phrase now, you have 3
> seconds and 3 tries to get it right"

True, but remember that ssh uses a public key encryption scheme. A public
key that is distributed to the four winds and a private key that is kept
just that -- private. The private key is owned/readable by root, so in
order to get access to the private key, you have to have root access to the
box, and at that point, the game is already over. There is a severe
security breach that has already happened...And your ssh key is probably
the least of your worries.

> > > - always make rotating backups ...
> > > 	- even days to the even backup server
> > > 	- odd days backup to the odd backup server
> > 
> > Good idea, the only problem is that most breaches are not detected within 2
> > days,
> 
> that was a simplified example .... personally, i like to span my backups
> over a year ... where "good data" is kept intact for as long as reasonable
> 	-
> 	- golden rule: no backup file ever overwrites a previous backup file
> 	- and of course to as many different back servers as possible
> 	-

I guess I do something similar. Daily backups distributed to two servers,
but weekly and especially monthly backups are written to hard media (CD in
my case). I also try only to back up enough so Debian has info to rebuild
from the archives (e.g. apt-get dselect-upgrade) and my unique data.
Generally my backups are not writing anything that is going to get
compromised.

--
--Brad
========================================================================
Bradley M. Alexander                       |
IA Analyst, SysAdmin, Security Engineer    |   storm [at] tux.org
Debian/GNU Linux Developer                 |   storm [at] debian.org
========================================================================
Key fingerprints:
DSA 0x54434E65: 37F6 BCA6 621D 920C E02E  E3C8 73B2 C019 5443 4E65
RSA 0xC3BCBA91: 3F 0E 26 C1 90 14 AD 0A  C8 9C F0 93 75 A0 01 34
========================================================================
It's lonely at the top, but you eat better.
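
Added example, not part of the original message or the thread's own code: a shell sketch of the backup scheme discussed above, with even and odd days going to different destinations and no backup file ever overwriting a previous one. The function names, the archive naming and the use of local directories in place of the two backup servers are assumptions made for illustration.

```sh
#!/bin/sh
# Added illustration. pick_dest and backup_once are hypothetical helpers;
# the destination directories stand in for the "even" and "odd" servers.

# pick_dest DAY_OF_MONTH EVEN_DIR ODD_DIR -> prints the destination for that day
pick_dest() {
    # Strip leading zeros so "08" and "09" are not parsed as invalid octal.
    day=$(printf '%s' "$1" | sed 's/^0*//')
    [ -n "$day" ] || day=0
    if [ $((day % 2)) -eq 0 ]; then
        printf '%s\n' "$2"
    else
        printf '%s\n' "$3"
    fi
}

# backup_once SRC_DIR DEST_DIR STAMP -> creates DEST_DIR/backup-STAMP.tar
# Returns 0 on success, 1 if the archive could not be linked into place
# (normally because that name already exists), 2 if tar or mkdir failed.
backup_once() {
    src=$1
    dest=$2
    stamp=$3
    out="$dest/backup-$stamp.tar"
    tmp="$dest/.backup-$stamp.tar.$$"
    mkdir -p "$dest" || return 2
    # Build the archive under a temporary name so a failed run leaves no
    # partial file under the final name.
    tar -cf "$tmp" -C "$src" . || { rm -f "$tmp"; return 2; }
    # ln without -f refuses to replace an existing name, so publishing the
    # archive is atomic and can never clobber an earlier backup.
    if ln "$tmp" "$out" 2>/dev/null; then
        rm -f "$tmp"
        chmod a-w "$out"    # drop write permission on the finished archive
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Usage (constructed paths):
#   backup_once /home "$(pick_dest "$(date +%d)" /mnt/even /mnt/odd)" "$(date +%F)"
```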
 


