Re: basic security setup?


s. keeling wrote:
What level of attacker are you worried about? If script-kiddies,
probably. If Bruce Schneier, possibly not. Good thing he (in theory)
doesn't do that sort of thing.

At the moment I am not seriously worried about targeted attacks. I run a private consulting company, which once in a while work with technologies or other companies that could be seen as interesting from a industrial espionage point of view. (Right now I am working in the energy sector in norway which is in direct competition with and possible conflict with the russians. Norway probably has technology the russians would want. Additionally, they are trying to claim that a larger sea area containing gas and oil belongs to the russians. They have already turned off one gas pipe to europe, for a couple of weeks, to show they mean business. But I digress....)
Me and my company is too anonymous to be used as a gateway into the company. So I am not really worried about that kind of attacks. And even if it would happen all client data I have is stored on a encrypted partition, using truecrypt.
But being security conscious and prehaps a little paranoid, you never know who will attack your system. I am a member of EFF Norway, so maybe my verbal attacks against some industries might be a reason for attack. You never know, but I digress and overanalyse things again....)

What I am worried about is vandals or bandwidth thiefs and that sort of things. I dont want my box to be used as part of a botnet nor do I want it to be used as a file sharing node. I would also appreciate that box not being vandalised or having data deleted. There are several reasons for the last part. Firstly, I would have to know if something has happened to the box. Which I dont have much experience with, so somebody could break in wihtout me knowing. Secondly when I found out something is wrong. I would have to spend time setting up the system and restoring backups. Which I dont want to spend more time than necessary on.

At the same time I am security conscious enough that I would like gain the knowledge about setting it up better than needed, without going overboard. I am thinking of simple but pretty effective protection.

So I am thinking, ssh2, certificate, denyhosts, non default port and specified user login list is simple enough but effective enough to keep 99.5% of the attacks away, barring source code errors in linux and ssh and a massively targeted attack.

tom
.

Relevant Pages

  • Re: Introducing Me
    ... When people are slammed with personal attacks the temptation to ... I've seen her rip into perfectly innocent ... There's no way of knowing that, currently, since the "posse" stormed in ... but perhaps you -like- that sort of thing. ...
    (rec.arts.poems)
  • Re: A week and a day
    ... sort of thing, ... about your claim that I posted negative posts to TGC. ... own personal attacks. ...
    (rec.sport.golf)
  • Re: everybody mention
    ... At least you are being honest now in your attacks on people, ... Believe what you want but 2 things kid, I genuinely hope you can sort ... than you do some personal work & realise it's at least possible that ... Take care & I mean that genuinely, of course, you may not be able to ...
    (uk.people.support.depression)
  • Re: Human Rights Watch: Hizbullah committing war crimes .. ..
    ... Apparently they have some sort of deal going and attacks are expected ... is that Olmert isn't going to stop until some sort of numbers balance ... Lebanon is happening because Israel is in the civilian areas targetting ...
    (alt.religion.islam)
  • Re: Etiquette rules - Whos the Ahole?
    ... novice tight poker players where they erroneously think they can act ... attacks, I feel like I am being stalked. ... Now this is a complete bullshitf attempt to disarm me by making ... don't show up and dont' respond to my posts. ...
    (rec.gambling.poker)