Re: security for a home system
On Mon, Apr 23, 2007 at 01:23:00AM -0700, Paul Johnson wrote:
> Douglas Allan Tutty wrote in Article <[🔎] 20070421174918.GA10236@titan> posted
> to gmane.linux.debian.user:
>
> > If I have two boxes, with two users, linked by ethernet and one box is
> > on dial-up to the ISP, with nothing listening on external ports except
> > the ntp daemon, what is a reasonable stance on security?
>
> Probably, yes.
??
>
> > Given that anyone who breaks into the house will have physical access to
> > the consoles anyway, do I need a whiz-bang long root password, strong
> > passwords on the regular uses, and all the other hypervigalance?
>
> Yes. It's not necessarily what's on the machine, but how it's resources can
> be abused. Most spam is sent from compromised systems of various types.
>
But how does a strong password protect against a physical attack on the
computer? If I find there's been a break into my home, I'll assume that
they got into the computer.
> > If ssh isn't even listening on external interfaces, does it matter if I
> > allow root to ssh (useful for rsyncing backups between the boxes)?
>
> I would recommend against allowing root ssh just in case. It's not that
> hard to sudo anyway.
>
But then how do I rsync the backups? For example, if I make it so that
group adm can read everything, and I'm in group adm, should I just rsync
it with my user name? OTOH, doesn't having group adm able to read the
backups cause a decrease in security? If someone then gets adm access,
they can read everything in the backups.
I'm not arguing against good security practices, I'm arguing against a
blanket knee-jerk response that my not add anything given a home setup.
Doug.
Reply to: