Re: Securing SSH: Does disabling password authentication work?

hi ya steve

On Mon, 3 Oct 2005, Steve Block wrote:

> Who said anyone was cracked? I'm trying to take a proactive security
> approach here.

i thought, maybe stupidly, that the original poster was cracked
and was trying to shut down ssh for that cracker ( stop um from
getting in .. etc )...

but in either case ... it doesn't matter, as the security precautions
are the same, of what to do before you're cracked, which was the current
progress of the thread

> it's just hard to find any solid info on this.

what kind of solid info .. there's probably too much of it ??
and the problem is for a possible security solution, you'd get
100 different answers by asking 100 security folks and who
knows what you get from asking general public :-)

ssh and all apps ( the box ) can be attacked dozens of different ways ...
not just by passwd/passphrase, etc


best way is probably to look at all the existing exploits
which implies it is a real problem and presumably had been
used successfully in the past to break in


with wireless this and wireless that and laptops ...

	- breaking in should be trivial for local attackers
	but you really don't want to be face to face with the
	victim do you ??  :-)

"[in]security game" is over when:
	- you lost data

	- you or other people cannot use the computer

	- you lost time and have to fix it when you weren't
	planning on that time for security work

	- you cannot go home for the kid's birthday, 'cause
	you have to stay to fix the security problem or
	that you're getting beeped by unsuccessful attacks

	- worst case is if, by law, you have to tell your 
	customers about it and the circumstances etc

c ya

