RE: [plug] GMA-7 website hacked!

Mon, 02 Jul 2001 22:02:45 -0700 


amdahl's law applied to network security:

the stenght of your security systems is determined by the strenght of its
weakest point.


On Tue, 3 Jul 2001, Ronneil Camara wrote:

> > -----Original Message-----
> > From: Horatio B. Bogbindero [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, July 02, 2001 11:50 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [plug] GMA-7 website hacked!
> >
> >
> > dunno about you guys. but, the assumption i make when i configure a
> > publicly accessible website is to assume that the root password can
> > be compromise (although, i am slowly moving some systems to sudoer
> > based security instead. with the root account locked up with a
> > reeeeeeeaaaaaaaaaaaaaalllllllllllllllllyyyyy impossible to crack root
> > password or not login able at all.)
> >
> > there... with this assumption in mind. i have a personal firewall
> > comfigure using iptables for 2.4 and ipchains for 2.2. i only allow
> > my machine to be accessed from certain allowed machines. aside from
> > this i also have tcp wrappers configured for the other things i have
> > missed.
> >
> > there is no single rule for security because these crackers seem to
> > find a way. but, it would be good to keep a good minimum
> > security level.
>
> That would really be a good idea. But even we got a good security policy,
> and assuming, our public daemon, say httpd/named/portmapper, is vulnerable
> to an attack, a cracker doesn't need a password to gain unix shell/dos
> prompt.
> So, your ideas plus patching vulnerable services would be the best way to
> get rid of crackers.
>
> Remember, a cracker only needs 1 port to gain access.
>
> -neil
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to 
>[EMAIL PROTECTED]
>

-- 

--------------------------------------
William Emmanuel S. Yu
Ateneo Cervini-Eliazo Networks (ACENT)
email  :  [EMAIL PROTECTED]
web    :  http://cersa.admu.edu.ph/
phone  :  63(2)4266001-5925/5904

        "Do you believe in intuition?"
        "No, but I have a strange feeling that someday I will."


_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]

To subscribe to the Linux Newbies' List: send "subscribe" in the body to 
[EMAIL PROTECTED]

Reply via email to