Re: security for a home system
Douglas Allan Tutty wrote in Article <20070425001403.GC7286@titan> posted to
gmane.linux.debian.user:
> On Tue, Apr 24, 2007 at 03:16:47AM -0700, Paul Johnson wrote:
>> Douglas Allan Tutty wrote in Article <20070423133018.GA9626@titan> posted
>> to gmane.linux.debian.user:
>>
>
>> It never hurts to have a border router between your network and the
>> Internet, with only the ports you intend to use forwarded to the
>> appropriate server.
>
> You wouldn't consider a firewall box hooked up to my analog modem
> overkill?
If you're on dialup, you're probably fine with just what you have. If
you're on a dedicated connection, you should take a look at
http://www.dd-wrt.org/ for the cheap way into a decent router.
>> >> > If ssh isn't even listening on external interfaces, does it matter
>> >> > if I allow root to ssh (useful for rsyncing backups between the
>> >> > boxes)?
>> >>
>> >> I would recommend against allowing root ssh just in case. It's not
>> >> that hard to sudo anyway.
>> >
>> > But then how do I rsync the backups? For example, if I make it so that
>> > group adm can read everything, and I'm in group adm, should I just
>> > rsync it with my user name? OTOH, doesn't having group adm able to
>> > read the backups cause a decrease in security? If someone then gets
>> > adm access, they can read everything in the backups.
>>
>> rsync and ssh aren't the same, so I'm a little confused where you're
>> coming from here.
>
> rsync uses ssh as the transport layer, similar to scp.
Interesting. I did not know that... for some reason, I thought it was in
the rsh family...
> Yes, I _could_ set up an rsync daemon on each box but then everything is
> going over the network enclare.
I'm not sure which of my language skills failed me here... How do you
say "enclare" in English?
--
Paul Johnson
Email and IM (XMPP & Google Talk): baloo@ursine.ca