Re: Has my server been hacked?

From: /dev/rob0 (rob0_at_gmx.co.uk)
Date: 03/30/04 

Date: Tue, 30 Mar 2004 12:25:01 -0600

On Wed, 24 Mar 2004 17:59:38 -0800, ynotssor wrote:
> When it comes to security, skepticism is good, paranoia is good.

I don't agree about paranoia. Paranoia combined with lack of knowledge
adds up to paralysis. You don't learn anything if you reinstall your OS
every time you see "-- MARK --" in your logfiles. (You might learn to
become more familiar and efficient with your distro's installation
procedures, I guess, but that's not an important skill. :)

My scepticism in approaching any security issue is in doubting that
anything is wrong.

Decent security for home users is pretty simple IMO. Don't run any
external services, put up a tight firewall (as per the simple example
in the Net-Filtering-HOWTO), and feel safe. Approach each new unknown
situation with the assumption that that's all there is to it: YOU do
not understand it. Soon you start to develop some understanding.

Home users are reasonably safe behind consumer-grade router appliances,
although here I admit to my own paranoia, in that I don't trust them
for my own use. :)

Business security is a bit more complex, as you tend to need external
services open. But there the recipe is to carefully monitor security
announcements for each service you keep open, and to act promptly when
advised to patch it. Still no call for paranoia.

In my years of GNU/Linux, I've not had one breach of security on any
system I maintain. In the early times I had some fears, but those
always proved to be unfounded.

Just my tuppence which may not be applicable to the discussion at hand,
but DOES apply to most perceived security issues. 

-- 
  /dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
  or put "not-spam" or "/dev/rob0" in Subject header to reply

Relevant Pages

  • Re: How to set up a secure XP windows home edition w/service pack
    ... teaches at at local medical school and conduct a lot of reseach. ... Windows security issues. ... professional help but am confident by your quick and critical reply that you ... > for paranoia these days. ...
    (microsoft.public.windowsxp.setup_deployment)
  • RE: How to obtain a yahoo username off a computer
    ... "As long as technology exists, security or lack there of, will exist" ... > this is worst case scenario, but isn't paranoia part of the game? ... Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! ...
    (Security-Basics)
  • Re: Summary of Bit-Level SHA Discussion
    ... >> But this is precisely because experience has shown that paranoia pays off in ... >> high end security applications when faced by sophisticated and well ... > Perhaps we're quibbling about semantics, but paranoia never pays off. ... standard documents are by definition supposed ...
    (sci.crypt)
  • Re: How to set up a secure XP windows home edition w/service pack 2
    ... > tools components that include Microsoft Management Console, security ... for paranoia these days. ... need all the luck you can muster). ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: Please discuss: internet security on dual boot systems
    ... > o I don't know how to scan my Internet host, what that is, or what purpose ... But security covers a huge scope. ... Or am I reasonably safe ... >>> updating four or five sets of security pgms would be nigh impossible. ...
    (microsoft.public.win2000.general)