Re: Securing SSH: Does disabling password authentication work?
hi ya steve
On Mon, 3 Oct 2005, Steve Block wrote:
> Who said anyone was cracked? I'm trying to take a proactive security
> approach here.
i thought, maybe stupidly, that the original poster was cracked
and was trying to shutdown ssh for that cracker ( stop um from
getting in .. etc )...
but in either case ... it doesn't matter, as the security precautions
is same, of what to do before you're cracked which was the current
progress of the thread
> it's just hard to find any solid info on this.
what kind of solid info .. there's probably too much of it ??
and the problem is for a possible security solution, you'd get
100 different answers by asking 100 security folks and who
knows what you get from asking general public :-)
ssh and all apps ( the box ) can be attacked dozens of different ways ...
not just by passwd/passphrase, etc
best way is probably look at all the existing exploits
which implies it is a real problem and presumably had been
used successfully in the past to break in
with wireless this and wireless that and laptops ...
- breaking in should be trivial for local attackers
but you really dont want to be face to face with the
victim do you ?? :-)
"[in]security game" is over when:
- you lost data
- you or other people cannot use the computer
- you lost time and have to fix it when you weren't
plannin on that time for security work
- you cannot go home for the kids birthday, cause
you have t stay to fix the security problem or
that you're getting beeped by unsuccessful attacks
- worst case is if, by law, you have to tell your
customers about it and the circumstances etc