RE: The crackers are out there

From: Craig Hasund <hasundc@arctic.net>
Date: Tue Nov 20 2007 - 09:45:47 AKST

OK, that makes a number of times that I've heard someone mention scripting
to monitor access and modify the firewall based on observations. How do you
do this? Can someone post a simplified script to look for access criteria
and modify the firewall based on ip address? I prefer perl or bash, but am
not sure the methodology about implementing this type of thing. I also use
fedora and iptables.

I would like to play with this but want to understand a working
implementation before I lock myself out of my systems :)... I've been
following this list for a long time, but haven't crawled out from under my
rock until now.

Thanks,

--- Craig Hasund

-----Original Message-----
From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org] On Behalf Of
Arthur Corliss
Sent: Tuesday, November 20, 2007 9:17 AM
To: bryanm@acsalaska.net
Cc: aklug@aklug.org
Subject: Re: The crackers are out there

On Tue, 20 Nov 2007, bryanm@acsalaska.net wrote:

> On Mon, November 19, 2007 7:19 pm, Arthur Corliss wrote:
>> 1) Root/administrator accounts should *never* be allowed to log in
>> remotely. The only access to superuser accounts should be on a
>> physical console or via su from a wheel group member. Let me be
>> more blunt: if you allow root to log in remotely for any reason
>> you're an idiot.
>
> There's that vice-presidential spirit we're looking for. <grin>

That's the standard Corliss no-tact spirit. In terms of basic security I
just want everyone to know just how egregious (and dangerous) this is. The
number one attack I see on my systems is still dictionary attacks. While a
strong password helps, for those using random combinations it's still just a
function of time -- and not much of that if there's some pure blind luck --
assuming no other precautions are taken.

Good security is about having lots of backup plans. When you combine all of
the countermeasures I suggest it becomes highly improbable that an attacker
will get a shell on the box (via ssh, anyways), and even if they do, they
still have more barriers in their way to get root.

         --Arthur Corliss
           Live Free or Die
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.

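A starting point for the kind of script asked for above, added to this archive page as an example; it is not code posted by anyone on the list. It assumes Fedora's sshd log at /var/log/secure, a made-up state file /var/lib/sshblock/blocked that records addresses already blocked, and a management host 192.0.2.10 that must never be blocked; the sample log lines are constructed, and the script defaults to a dry run so you can read what it would do before it touches the firewall.

```shell
#!/bin/bash
# sshblock.sh -- read sshd log lines, count failed logins per source address,
# and add an iptables DROP rule for repeat offenders.  Example code added to
# this archive page; paths and addresses below are assumptions, not settings
# from anyone's real system.
set -u

LOGFILE="${LOGFILE:-/var/log/secure}"               # Fedora's sshd auth log
THRESHOLD="${THRESHOLD:-5}"                         # failures before a block
STATEFILE="${STATEFILE:-/var/lib/sshblock/blocked}" # hypothetical: IPs already blocked
DRY_RUN="${DRY_RUN:-1}"                             # 1 = print the command, 0 = run iptables
# Addresses that are never blocked.  Put the host you administer from here
# FIRST, or a few typos in your own password are what lock you out.
# 192.0.2.10 is a placeholder for that management host.
ALLOWLIST="${ALLOWLIST:-127.0.0.1 192.0.2.10}"

# Constructed sample in /var/log/secure format; not real traffic.
SAMPLE_LOG='Nov 20 09:10:01 fc7 sshd[4121]: Failed password for invalid user admin from 203.0.113.5 port 40211 ssh2
Nov 20 09:10:03 fc7 sshd[4123]: Failed password for root from 203.0.113.5 port 40213 ssh2
Nov 20 09:10:05 fc7 sshd[4125]: Failed password for invalid user test from 203.0.113.5 port 40215 ssh2
Nov 20 09:10:07 fc7 sshd[4127]: Failed password for invalid user oracle from 203.0.113.5 port 40217 ssh2
Nov 20 09:10:09 fc7 sshd[4129]: Failed password for root from 203.0.113.5 port 40219 ssh2
Nov 20 09:11:40 fc7 sshd[4140]: Failed password for craig from 198.51.100.7 port 51002 ssh2
Nov 20 09:11:52 fc7 sshd[4142]: Accepted publickey for craig from 198.51.100.7 port 51004 ssh2
Nov 20 09:12:01 fc7 sshd[4150]: Failed password for craig from 192.0.2.10 port 33001 ssh2
Nov 20 09:12:02 fc7 sshd[4151]: Failed password for craig from 192.0.2.10 port 33002 ssh2
Nov 20 09:12:03 fc7 sshd[4152]: Failed password for craig from 192.0.2.10 port 33003 ssh2'

# Read log lines on stdin; print "count ip" for every source with at least
# $1 "Failed password" entries, highest count first.
failed_ssh_ips() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++)
                if ($i == "from") { count[$(i + 1)]++; break }
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -rn
}

# Exit status 0 if $1 is on the allowlist.
is_allowed() {
    for a in $ALLOWLIST; do
        [ "$a" = "$1" ] && return 0
    done
    return 1
}

# Exit status 0 if $1 was already blocked by an earlier run (the script
# keeps its own record instead of parsing iptables -L output).
is_blocked() {
    [ -f "$STATEFILE" ] && grep -qxF -- "$1" "$STATEFILE"
}

# Block one address on the ssh port.  Returns 1 if allowlisted, 2 if already
# blocked, 3 if iptables failed, 0 when a rule was added (or would be).
block_ip() {
    ip="$1"
    if is_allowed "$ip"; then
        echo "skip (allowlisted): $ip" >&2
        return 1
    fi
    if is_blocked "$ip"; then
        return 2
    fi
    # -I puts the rule at the top of INPUT so it wins over any ACCEPT below it;
    # limiting it to --dport 22 keeps other services reachable from that host.
    cmd="iptables -I INPUT -s $ip -p tcp --dport 22 -j DROP"
    if [ "$DRY_RUN" = 1 ]; then
        echo "would run: $cmd"
    else
        $cmd || return 3
    fi
    mkdir -p "$(dirname "$STATEFILE")" && echo "$ip" >> "$STATEFILE"
}

# Read log lines on stdin and block every source over the threshold $1.
process_log() {
    failed_ssh_ips "$1" | while read -r count ip; do
        if block_ip "$ip"; then
            echo "blocked $ip after $count failures" >&2
        fi
    done
}

case "${1:-}" in
    demo) STATEFILE="$(mktemp)"; DRY_RUN=1
          printf '%s\n' "$SAMPLE_LOG" | process_log 3 ;;
    run)  process_log "$THRESHOLD" < "$LOGFILE" ;;
    *)    echo "usage: $0 demo|run   (set DRY_RUN=0 to really change iptables)" >&2 ;;
esac
```

Run it as "./sshblock.sh demo" to see the dry run over the constructed sample: 203.0.113.5 gets a rule, 198.51.100.7 stays under the threshold, and 192.0.2.10 is skipped because it is allowlisted. For real use, set DRY_RUN=0, run "sshblock.sh run" from cron, and test the allowlist with your own address before you trust it. Two caveats worth knowing before you lock yourself out: the script only ever adds rules, so clearing a mistaken block means deleting the rule by hand and removing the address from the state file; and rules added this way are gone after a reboot unless you save them (on Fedora, "service iptables save"), so the state file and the live ruleset can drift apart.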
Received on Tue Nov 20 09:44:33 2007

This archive was generated by hypermail 2.1.8 : Tue Nov 20 2007 - 09:44:33 AKST