Re: security


Subject: Re: security
From: Peter M. Bagnall (pete@surfaceeffect.com)
Date: Wed Nov 15 2000 - 10:33:04 MST


>More importantly (pretending you don't have anything important anywhere),
>your machine can be used to attack other machines around the world. That's
>how denial of service works, and that's why you have a personal obligation
>to me and everyone else connected to this network to keep your box as
>secure as is feasible. :)
>
>-Hollis

If you ever do put anything important on your machine then it's very hard
to show that it's not been compromised in the meantime too. It's relatively
easy for an attacker to write a tool to give them a back door they can use
later. Best to be secure from day one.

The other threat I've heard of is people using insecure FTP sites as a
transfer point for child pornography and such. Which opens you up to all
sorts of legal hassles since it's then on your machine. The solution for
this if you want anyone to be able to FTP to you is to have an incoming
directory that is write only. Then you manually transfer things to the read
only part when you've checked things over. This means that no-one else can
get at any content that might get uploaded until you've moderated it which
essentially means for these people there is no point using your system
anymore.

I know of a few cases of exactly this happening at a previous employer so I
take it reasonably seriously.

Having said that, this is all something I need to be a bit more rigorous
on. What are people's top tips on securing their system?

If I disable all services I'm not using and keep the ones I am using up to
date and reasonably locked down am I pretty well covered or are there other
things I need to worry about?

Cheers

Pete

--
Peter M. Bagnall
pete@surfaceeffect.com - http://www.surfaceeffect.com/
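
The write-only incoming directory and manual moderation step described in the message above, as an added example that is not part of the original post. The function names and directory layout are hypothetical, and it assumes the anonymous FTP account is neither owner nor group of these directories, so it gets the "other" permission bits.

```shell
#!/bin/sh
# Added example: write-only "incoming" drop box plus a manual publish step.
# Assumption: the anonymous FTP account falls under the "other" permission
# class for every directory handled here.

# Create a drop box: others may create files (w+x) but cannot list the
# directory (no r). The sticky bit stops one uploader from deleting or
# renaming another uploader's files.
make_dropbox() {
    mkdir -p "$1" && chmod 1733 "$1"
}

# Audit: print every directory under ROOT that is both world-writable and
# world-readable, i.e. one where strangers can upload AND list content.
listable_dropboxes() {
    find "$1" -type d -perm -0002 -perm -0004 -print
}

# Moderation step: after a file has been checked by hand, move it to the
# public area and make it read-only for everyone. Never overwrites.
publish() {
    src=$1
    pubdir=$2
    dest="$pubdir/$(basename "$src")"
    if [ -e "$dest" ]; then
        echo "refusing to overwrite $dest" >&2
        return 1
    fi
    mv "$src" "$dest" && chmod 0444 "$dest"
}

# Constructed demo tree, run with: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    root=$(mktemp -d)
    mkdir "$root/pub" && chmod 0755 "$root/pub"
    make_dropbox "$root/incoming"
    mkdir "$root/open" && chmod 0777 "$root/open"  # constructed misconfiguration
    echo "directories usable as an exchange point:"
    listable_dropboxes "$root"                     # only .../open is listed
    rm -rf "$root"
fi
```

Directory modes only hide the listing; whether an uploaded file can be fetched back by someone who already knows its name depends on the FTP server's own upload settings.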


