Re: How can I secure a Debian installation?

To: debian-user@lists.debian.org
Subject: Re: How can I secure a Debian installation?
From: Jerry Stuckle <jstuckle@attglobal.net>
Date: Fri, 31 Jan 2014 16:24:52 -0500
Message-id: <[🔎] 52EC14A4.7080307@attglobal.net>
In-reply-to: <[🔎] 52EC0E77.2070101@biotec.tu-dresden.de>
References: <[🔎] 52E7310A.1050305@q.com> <[🔎] 52E7430C.2010908@gmail.com> <[🔎] 52E76165.7020903@q.com> <[🔎] 20140128094643.6ee293e7@jretrading.com> <[🔎] CAD4guxPnaDnwBgjEms8PnMT22myXJj7esT01ug-P-feR4+_rQw@mail.gmail.com> <[🔎] 20140128184234.GL3888@copernicus.demon.co.uk> <[🔎] 20140130185311.51a2a863@X200> <[🔎] 20140130202637.GN3888@copernicus.demon.co.uk> <[🔎] CAD4guxODr4vFdqyyg20uJdiK-8zk-dDQX9poa5asX8HuG1hkBg@mail.gmail.com> <[🔎] 52EBB86A.9050803@attglobal.net> <[🔎] 52EC0E77.2070101@biotec.tu-dresden.de>

On 1/31/2014 3:58 PM, Alex Mestiashvili wrote:

I have to agree with you here, Raffaele.  While it's nice to talk
about users and 20 character random keys, the fact of the matter is,
they aren't used by the vast majority of users.  In many cases, even
those who *should* know better don't do it.

Sure, you could require a 20 character random key on your site - but
you won't get many people to sign up.  Rather than try to remember
such a password, most people will just move on.

There are other tools too, for example pam-abl [0], which imho makes a
brute force almost useless unless there is a distributed brute force...
http://sourceforge.net/projects/pam-abl/

Regards,
Alex



Alex,

Yes, I'm familiar with the tools, but any halfway serious hacker willhave at his/her disposal a bunch of proxies around the world; the*really* serious ones will have spread malware and have tens ofthousands (or more) zombie machines available.

For three days I had someone trying to break into my Exim system; theydidn't get anywhere because they were blocked almost as soon as theytried. But they just switched to another proxy and tried again.


It's a never-ending battle.

Jerry

Reply to:

References:
- How can I secure a Debian installation?
  - From: Jon Danniken <danniken@q.com>
- Re: How can I secure a Debian installation?
  - From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
- Re: How can I secure a Debian installation?
  - From: Jon Danniken <danniken@q.com>
- Re: How can I secure a Debian installation?
  - From: Joe <joe@jretrading.com>
- Re: How can I secure a Debian installation?
  - From: Raffaele Morelli <raffaele.morelli@gmail.com>
- Re: How can I secure a Debian installation?
  - From: Brian <ad44@cityscape.co.uk>
- Re: How can I secure a Debian installation?
  - From: Denis Witt <denis.witt@concepts-and-training.de>
- Re: How can I secure a Debian installation?
  - From: Brian <ad44@cityscape.co.uk>
- Re: How can I secure a Debian installation?
  - From: Raffaele Morelli <raffaele.morelli@gmail.com>
- Re: How can I secure a Debian installation?
  - From: Jerry Stuckle <jstuckle@attglobal.net>
- Re: How can I secure a Debian installation?
  - From: Alex Mestiashvili <alex@biotec.tu-dresden.de>

Prev by Date: Re: "cloning" a debian installation
Next by Date: Re: making my Wheezy beep. How?
Previous by thread: Re: How can I secure a Debian installation?
Next by thread: Re: How can I secure a Debian installation?
Index(es):
- Date
- Thread