> Date: Wed, 28 Jul 2010 05:50:19 -0600
> From: ch...@bennettconstruction.biz
>
> Concrete with re-bar works well for hardening the box.
> As far as the software, OpenBSD comes "pre-hardened".
> Nothing really needs to be changed for security.
> Use good passwords and long passwords is about all you have to do.

Good point, all the salting, encrypting, and multiple encryption rounds in the world won't save the Internet from the idiots that set root passwords to "password". The irony of it all is that these 0wned idiots will complain that their "system" was insecure (that's why they got "hacked").

Unfortunately, we in OpenBSD-land live in a vacuum of common sense that does not exist out in the real world. People actually use "password" for their password, or the ones who believe themselves clever set it to "secret" or "letmein". Don't believe me, look at the logs on your bastion OpenBSD servers. The reason there are so many ssh bruteforce attempts is because... wait for it...... it works.

While we thank the gods for OpenBSD and all of the common sense it comes with, let's not forget that humans can break anything and overcome any amount of logic and careful design.

Sincerely,
IR