Re: security for a home system
Douglas Allan Tutty wrote in Article [EMAIL PROTECTED] posted to gmane.linux.debian.user: On Tue, Apr 24, 2007 at 03:16:47AM -0700, Paul Johnson wrote: Douglas Allan Tutty wrote in Article [EMAIL PROTECTED] posted to gmane.linux.debian.user: It never hurts to have a border router between your network and the Internet, with only the ports you intend to use forwarded to the appropriate server. You wouldn't consider a firewall box hooked up to my analog modem overkill? If you're on dialup, you're probably fine with just what you have. If you're on a dedicated connection, you should take a look at http://www.dd-wrt.org/ for the cheap way into a decent router. If ssh isn't even listening on external interfaces, does it matter if I allow root to ssh (useful for rsyncing backups between the boxes)? I would recommend against allowing root ssh just in case. It's not that hard to sudo anyway. But then how do I rsync the backups? For example, if I make it so that group adm can read everything, and I'm in group adm, should I just rsync it with my user name? OTOH, doesn't having group adm able to read the backups cause a decrease in security? If someone then gets adm access, they can read everything in the backups. rsync and ssh aren't the same, so I'm a little confused where you're coming from here. rsync uses ssh as the transport layer, similar to scp. Interesting. I did not know that... for some reason, I thought it was in the rsh family... Yes, I _could_ set up an rsync daemon on each box but then everything is going over the network enclare. I'm not sure which of my language skills failed me here... Comment dites-vous l'enclare en anglais? -- Paul Johnson Email and IM (XMPP Google Talk): [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security for a home system
On Wed, 2007-04-25 at 00:45 -0700, Paul Johnson wrote: Douglas Allan Tutty wrote in Article [EMAIL PROTECTED] posted to gmane.linux.debian.user: rsync uses ssh as the transport layer, similar to scp. Interesting. I did not know that... for some reason, I thought it was in the rsh family... It does use rsh by default... unless you have rsh setup as an alias (or wrapper) to use (r)ssh and the like. -- greg, [EMAIL PROTECTED] Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part
Re: security for a home system
On Wed, Apr 25, 2007 at 10:30:33AM -0400, Greg Folkert wrote: On Wed, 2007-04-25 at 00:45 -0700, Paul Johnson wrote: Douglas Allan Tutty wrote in Article [EMAIL PROTECTED] posted to gmane.linux.debian.user: rsync uses ssh as the transport layer, similar to scp. Interesting. I did not know that... for some reason, I thought it was in the rsh family... It does use rsh by default... unless you have rsh setup as an alias (or wrapper) to use (r)ssh and the like. On my standard Etch system, /usr/bin/rsh is a symlink to /etc/alternatives/rsh which is a symlink to /usr/bin/ssh. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security for a home system
Douglas Allan Tutty wrote in Article [EMAIL PROTECTED] posted to gmane.linux.debian.user: On Mon, Apr 23, 2007 at 01:23:00AM -0700, Paul Johnson wrote: Douglas Allan Tutty wrote in Article [EMAIL PROTECTED] posted to gmane.linux.debian.user: If I have two boxes, with two users, linked by ethernet and one box is on dial-up to the ISP, with nothing listening on external ports except the ntp daemon, what is a reasonable stance on security? Probably, yes. ?? It never hurts to have a border router between your network and the Internet, with only the ports you intend to use forwarded to the appropriate server. Given that anyone who breaks into the house will have physical access to the consoles anyway, do I need a whiz-bang long root password, strong passwords on the regular uses, and all the other hypervigalance? Yes. It's not necessarily what's on the machine, but how it's resources can be abused. Most spam is sent from compromised systems of various types. But how does a strong password protect against a physical attack on the computer? If I find there's been a break into my home, I'll assume that they got into the computer. It doesn't. Still, if someone manages to find a way into your system, you should make it hard for them to escalate privileges. If ssh isn't even listening on external interfaces, does it matter if I allow root to ssh (useful for rsyncing backups between the boxes)? I would recommend against allowing root ssh just in case. It's not that hard to sudo anyway. But then how do I rsync the backups? For example, if I make it so that group adm can read everything, and I'm in group adm, should I just rsync it with my user name? OTOH, doesn't having group adm able to read the backups cause a decrease in security? If someone then gets adm access, they can read everything in the backups. rsync and ssh aren't the same, so I'm a little confused where you're coming from here. -- Paul Johnson Email and IM (XMPP Google Talk): [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security for a home system
On Tue, Apr 24, 2007 at 03:16:47AM -0700, Paul Johnson wrote: Douglas Allan Tutty wrote in Article [EMAIL PROTECTED] posted to gmane.linux.debian.user: It never hurts to have a border router between your network and the Internet, with only the ports you intend to use forwarded to the appropriate server. You wouldn't consider a firewall box hooked up to my analog modem overkill? If ssh isn't even listening on external interfaces, does it matter if I allow root to ssh (useful for rsyncing backups between the boxes)? I would recommend against allowing root ssh just in case. It's not that hard to sudo anyway. But then how do I rsync the backups? For example, if I make it so that group adm can read everything, and I'm in group adm, should I just rsync it with my user name? OTOH, doesn't having group adm able to read the backups cause a decrease in security? If someone then gets adm access, they can read everything in the backups. rsync and ssh aren't the same, so I'm a little confused where you're coming from here. rsync uses ssh as the transport layer, similar to scp. Yes, I _could_ set up an rsync daemon on each box but then everything is going over the network enclare. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security for a home system
Joe Hart wrote in Article [EMAIL PROTECTED] posted to gmane.linux.debian.user: Douglas Allan Tutty wrote: On Sat, Apr 21, 2007 at 09:14:27PM +0200, Joe Hart wrote: Douglas Allan Tutty wrote: If I need to run a backup, other than it being 'proper', why not just login as root instead of myself and su? That is what I do, but I make sure that the internet is down when I do that, so there is no chance of someone coming in, or anything going out while I am backing up, just a safety precaution. One can never be too careful. How does running a backup as root make it more likely that someone can come in from the net and get root? To be honest, I don't know, but I do know that if you leave a tty just sitting around logged in a root, it is a bad idea. Perhaps I am just being too cautious. That's not too cautious at all. More like up there with clearing the chamber and unloading a gun when not in use. I would think that anyone hacking into my system would face a login prompt, but who knows? I'm not running a ssh daemon, so it I don't see what would give them such prompt, and my firewall should block anyone attempting to come in, but I also know that there are some really weird hacks out there and people who can do things like surf the web while tunneling through an IMCP connection (becuase ping is open) can do some pretty tricky things and I know if I pull the plug, there's no way anything can get in. That's a new one on me. Cite? -- Paul Johnson Email and IM (XMPP Google Talk): [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security for a home system
Douglas Allan Tutty wrote in Article [EMAIL PROTECTED] posted to gmane.linux.debian.user: If I have two boxes, with two users, linked by ethernet and one box is on dial-up to the ISP, with nothing listening on external ports except the ntp daemon, what is a reasonable stance on security? Probably, yes. Given that anyone who breaks into the house will have physical access to the consoles anyway, do I need a whiz-bang long root password, strong passwords on the regular uses, and all the other hypervigalance? Yes. It's not necessarily what's on the machine, but how it's resources can be abused. Most spam is sent from compromised systems of various types. If ssh isn't even listening on external interfaces, does it matter if I allow root to ssh (useful for rsyncing backups between the boxes)? I would recommend against allowing root ssh just in case. It's not that hard to sudo anyway. -- Paul Johnson Email and IM (XMPP Google Talk): [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security for a home system
Douglas Allan Tutty wrote in Article [EMAIL PROTECTED] posted to gmane.linux.debian.user: On Sat, Apr 21, 2007 at 09:14:27PM +0200, Joe Hart wrote: Douglas Allan Tutty wrote: Reflecting on recent posts re allowing root login (related, but I didn't want to steal the thread), I'm wondering about a home network and what to bother with. There's a touch of devil's advocate in this but the concept that physical access == root access causes one to wonder. Well, if you consider that, you also might want to consider making sure the systems cannot boot from a CD, USB or anything else than the HD where Debian is installed and make sure that the BIOS has a password protect to prevent someone from changing this. Because if someone with a liveCD comes along, all the strong passwords you want won't save your data. Right, but someone on a recent thread argued that securing the bios is useless since physical access to the box means that they can get root access anyway. You can make that tricky with a Master lock using the lock loop on the case door. Granted, on most cases, this will make the lock the strongest link in a weak chain (given how flimsy most cases are relative to tinsnips). That is what I do, but I make sure that the internet is down when I do that, so there is no chance of someone coming in, or anything going out while I am backing up, just a safety precaution. One can never be too careful. How does running a backup as root make it more likely that someone can come in from the net and get root? Covert execution of arbitrary tasks? Though in every scenario I can think of this coming up, the machine is already compromised to the point where doing such a thing would be moot. -- Paul Johnson Email and IM (XMPP Google Talk): [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security for a home system
On Mon, Apr 23, 2007 at 01:23:00AM -0700, Paul Johnson wrote: Douglas Allan Tutty wrote in Article [EMAIL PROTECTED] posted to gmane.linux.debian.user: If I have two boxes, with two users, linked by ethernet and one box is on dial-up to the ISP, with nothing listening on external ports except the ntp daemon, what is a reasonable stance on security? Probably, yes. ?? Given that anyone who breaks into the house will have physical access to the consoles anyway, do I need a whiz-bang long root password, strong passwords on the regular uses, and all the other hypervigalance? Yes. It's not necessarily what's on the machine, but how it's resources can be abused. Most spam is sent from compromised systems of various types. But how does a strong password protect against a physical attack on the computer? If I find there's been a break into my home, I'll assume that they got into the computer. If ssh isn't even listening on external interfaces, does it matter if I allow root to ssh (useful for rsyncing backups between the boxes)? I would recommend against allowing root ssh just in case. It's not that hard to sudo anyway. But then how do I rsync the backups? For example, if I make it so that group adm can read everything, and I'm in group adm, should I just rsync it with my user name? OTOH, doesn't having group adm able to read the backups cause a decrease in security? If someone then gets adm access, they can read everything in the backups. I'm not arguing against good security practices, I'm arguing against a blanket knee-jerk response that my not add anything given a home setup. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security for a home system
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paul Johnson wrote: [snip] I would think that anyone hacking into my system would face a login prompt, but who knows? I'm not running a ssh daemon, so it I don't see what would give them such prompt, and my firewall should block anyone attempting to come in, but I also know that there are some really weird hacks out there and people who can do things like surf the web while tunneling through an IMCP connection (becuase ping is open) can do some pretty tricky things and I know if I pull the plug, there's no way anything can get in. That's a new one on me. Cite? Oh, now I had too google it. Here's one: http://www.cs.uit.no/~daniels/PingTunnel/ Not the most reliable way surf, but it is possible. It seems people don't like paying for internet hot-spots when there is a way around it, and it is possible through ICMP (transposed the acronym in the previous message). Now, of course I would never do anything like this, but that doesn't mean other people don't. Joe - -- Registerd Linux user #443289 at http://counter.li.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGLMY0iXBCVWpc5J4RArvcAJ9pm48HqoZ4FgvZBqJm+hH82RgohgCfZoz6 dGIyLUl4TpCPJ78TLJ0Fbcc= =H5KE -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security for a home system
On Mon, 2007-04-23 at 09:30 -0400, Douglas Allan Tutty wrote: On Mon, Apr 23, 2007 at 01:23:00AM -0700, Paul Johnson wrote: Douglas Allan Tutty wrote in Article [EMAIL PROTECTED] posted to gmane.linux.debian.user: If I have two boxes, with two users, linked by ethernet and one box is on dial-up to the ISP, with nothing listening on external ports except the ntp daemon, what is a reasonable stance on security? Probably, yes. ?? Given that anyone who breaks into the house will have physical access to the consoles anyway, do I need a whiz-bang long root password, strong passwords on the regular uses, and all the other hypervigalance? Yes. It's not necessarily what's on the machine, but how it's resources can be abused. Most spam is sent from compromised systems of various types. But how does a strong password protect against a physical attack on the computer? It doesn't against a skilled attacker, but given most (if not all) BE perps have dropped out of school... percentages are heavily skewed that a perp will just TAKE the machine and anything else of value. If I find there's been a break into my home, I'll assume that they got into the computer. Well, let us be real here, you being j.random.houseowner (j.random.residence.occupant). What are the chances that a breakin perp will hack into your computer for subversive reasons. Come on, if they break-in... most (all?) perps are of the Breaking and Entering strip the house of valuables type of thing. If you have Linux on any current computer, they don't care. They just fence the stuff. Very few have even heard of Linux, let alone used anything other than Windows. They can covet and keep Mac's and have been caught. Linux is to foreign, if you have auto-login enabled, well see the next paragraph. Physical Access at home, only matters if you really think the $SECRET_GOV_AGENCY is out to get you. ANY home is not secure enough. The wooden/drywall walls are easily broken. Windows can be broken, locks jiggered. You should be using encrypted everything. Shredding and burning any paper documents and many other measures (including that Tin-Foil hat from Thinkgeek) If ssh isn't even listening on external interfaces, does it matter if I allow root to ssh (useful for rsyncing backups between the boxes)? I would recommend against allowing root ssh just in case. It's not that hard to sudo anyway. But then how do I rsync the backups? For example, if I make it so that group adm can read everything, and I'm in group adm, should I just rsync it with my user name? OTOH, doesn't having group adm able to read the backups cause a decrease in security? If someone then gets adm access, they can read everything in the backups. I just do, good enough practices at home, I don't use windows, I do use nfsv4, I do use ssh/scp/sshfs for things not covered by nfsv4. I have my servers downstairs on a custom made shelf and I don't leave any console logged in. I do have a setup that uses rsync, but have long ago discarded it, as I now have everything RAID5 or better (software or hardware) and I have an external drive I use for backups, as well as specialized Optical backups for important things for myself and my wife. The kinds of things you are worrying about are really only typical in a corporate environment and typically only ones that *DEPEND* on a working system and could have IP stored on these machines. To those ends, physical access to the servers by a disgruntled employee is severely reduced by a proper access control system and if they still get into the room and a proper video system will record them. I'm not arguing against good security practices, I'm arguing against a blanket knee-jerk response that my not add anything given a home setup. Knowing what I know, having implemented multi-site redundancy, with multi-path fail-over modes, site security, backups and power control and varying aspects of data protection, I'd just say that most home setups generally only need a good enough set of practices. Paranoid peoples be damned. In summary, home security is somewhat of a grey area. Sure do all the things corporations do... but when it comes down to it, a simple jiggering of a door lock and a simple screwdriver and bootable x86 media (like who has an Alpha as a workstation?) will defeat 99.99% of your countermeasures. And the percentage chance that said someone actually doing the jiggering is there to hack your computers is (far?) less than 0.1%. Unless you are Bill Gates, then Corporate Espionage takes a whole new approach... but then Bill would just buy the company you are working for and then fire you while you are doing the mis-deed to your own boss. -- greg, [EMAIL PROTECTED] Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at
Re: security for a home system
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg Folkert wrote: On Sat, 2007-04-21 at 21:55 +0200, Joe Hart wrote: Perhaps one of the gurus in this field will take the opportunity to explain why having a root console open all the time is a bad thing (other than the obvious local accessibility). My backups take a while, that's why I do it. To address that particular concern. That is what screen is for. It allows you to detach from a console and logout. See, I knew it would happen. Thanks Greg. I forgot all about screen. I used to use that for hellanzb, but recently have changed over to running it as a user from a konsole session, and since I can open as many konsole windows as I want, it hurts nothing leaving it running there. For those reading this that don't know what hellanzb is, it is an automatic binary newsgroup downloader for .nzb files. It downloads, checks parity and uncompresses all with no user intervention. A very handy little utility. Screen is also a very handy utility. Shame on me for forgetting its existence. Joe - -- Registerd Linux user #443289 at http://counter.li.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGK1SuiXBCVWpc5J4RAsH+AKC6YdN4ZXISwt3FukfhSG+i036lDwCgzn7r tH2wPSo2NpbyMLX0IyOcDrE= =cSaC -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security for a home system
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Douglas Allan Tutty wrote: Reflecting on recent posts re allowing root login (related, but I didn't want to steal the thread), I'm wondering about a home network and what to bother with. There's a touch of devil's advocate in this but the concept that physical access == root access causes one to wonder. If I have two boxes, with two users, linked by ethernet and one box is on dial-up to the ISP, with nothing listening on external ports except the ntp daemon, what is a reasonable stance on security? Given that anyone who breaks into the house will have physical access to the consoles anyway, do I need a whiz-bang long root password, strong passwords on the regular uses, and all the other hypervigalance? Well, if you consider that, you also might want to consider making sure the systems cannot boot from a CD, USB or anything else than the HD where Debian is installed and make sure that the BIOS has a password protect to prevent someone from changing this. Because if someone with a liveCD comes along, all the strong passwords you want won't save your data. Now encrypting it all might save you, but do you really need to go that far? I guess this is what you mean by hyper vigilance. If ssh isn't even listening on external interfaces, does it matter if I allow root to ssh (useful for rsyncing backups between the boxes)? Why bother to rsync instead of just nfs mounting the backup repository? If you are positive there are no ways into the computer through your internet connections, then nfs is fine. For a closed system, there is no problem. If I need to run a backup, other than it being 'proper', why not just login as root instead of myself and su? Note that I am _not_ suggesting that I just do everything as root; then I loose the protection from myself. That is what I do, but I make sure that the internet is down when I do that, so there is no chance of someone coming in, or anything going out while I am backing up, just a safety precaution. One can never be too careful. Joe - -- Registerd Linux user #443289 at http://counter.li.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGKmKTiXBCVWpc5J4RAqGeAJ4je8kgRHN3JTXSKD/pLpEjNZbNRQCdGOv6 DfLbf+3GinLjp9d7rJcpfH0= =DScv -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security for a home system
On Sat, Apr 21, 2007 at 09:14:27PM +0200, Joe Hart wrote: Douglas Allan Tutty wrote: Reflecting on recent posts re allowing root login (related, but I didn't want to steal the thread), I'm wondering about a home network and what to bother with. There's a touch of devil's advocate in this but the concept that physical access == root access causes one to wonder. Well, if you consider that, you also might want to consider making sure the systems cannot boot from a CD, USB or anything else than the HD where Debian is installed and make sure that the BIOS has a password protect to prevent someone from changing this. Because if someone with a liveCD comes along, all the strong passwords you want won't save your data. Right, but someone on a recent thread argued that securing the bios is useless since physical access to the box means that they can get root access anyway. Right now, my box has an administrator password set for accessing the bios but unless I set a power-on password, anyone can hit F8 and get a boot menu. Even with the bios password set, I guess someone could pop the bios battery; or do such settings get put in NV to survive a removed battery. I don't really want to test this on my main box (maybe next time I reinstall...). Now encrypting it all might save you, but do you really need to go that far? I guess this is what you mean by hyper vigilance. If ssh isn't even listening on external interfaces, does it matter if I allow root to ssh (useful for rsyncing backups between the boxes)? Why bother to rsync instead of just nfs mounting the backup repository? If you are positive there are no ways into the computer through your internet connections, then nfs is fine. For a closed system, there is no problem. If I need to run a backup, other than it being 'proper', why not just login as root instead of myself and su? That is what I do, but I make sure that the internet is down when I do that, so there is no chance of someone coming in, or anything going out while I am backing up, just a safety precaution. One can never be too careful. How does running a backup as root make it more likely that someone can come in from the net and get root? Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security for a home system
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Douglas Allan Tutty wrote: On Sat, Apr 21, 2007 at 09:14:27PM +0200, Joe Hart wrote: Douglas Allan Tutty wrote: Reflecting on recent posts re allowing root login (related, but I didn't want to steal the thread), I'm wondering about a home network and what to bother with. There's a touch of devil's advocate in this but the concept that physical access == root access causes one to wonder. Well, if you consider that, you also might want to consider making sure the systems cannot boot from a CD, USB or anything else than the HD where Debian is installed and make sure that the BIOS has a password protect to prevent someone from changing this. Because if someone with a liveCD comes along, all the strong passwords you want won't save your data. Right, but someone on a recent thread argued that securing the bios is useless since physical access to the box means that they can get root access anyway. Right now, my box has an administrator password set for accessing the bios but unless I set a power-on password, anyone can hit F8 and get a boot menu. Even with the bios password set, I guess someone could pop the bios battery; or do such settings get put in NV to survive a removed battery. I don't really want to test this on my main box (maybe next time I reinstall...). Now encrypting it all might save you, but do you really need to go that far? I guess this is what you mean by hyper vigilance. If ssh isn't even listening on external interfaces, does it matter if I allow root to ssh (useful for rsyncing backups between the boxes)? Why bother to rsync instead of just nfs mounting the backup repository? If you are positive there are no ways into the computer through your internet connections, then nfs is fine. For a closed system, there is no problem. If I need to run a backup, other than it being 'proper', why not just login as root instead of myself and su? That is what I do, but I make sure that the internet is down when I do that, so there is no chance of someone coming in, or anything going out while I am backing up, just a safety precaution. One can never be too careful. How does running a backup as root make it more likely that someone can come in from the net and get root? Doug. To be honest, I don't know, but I do know that if you leave a tty just sitting around logged in a root, it is a bad idea. Perhaps I am just being too cautious. I would think that anyone hacking into my system would face a login prompt, but who knows? I'm not running a ssh daemon, so it I don't see what would give them such prompt, and my firewall should block anyone attempting to come in, but I also know that there are some really weird hacks out there and people who can do things like surf the web while tunneling through an IMCP connection (becuase ping is open) can do some pretty tricky things and I know if I pull the plug, there's no way anything can get in. Perhaps one of the gurus in this field will take the opportunity to explain why having a root console open all the time is a bad thing (other than the obvious local accessibility). My backups take a while, that's why I do it. Joe - -- Registerd Linux user #443289 at http://counter.li.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGKmwhiXBCVWpc5J4RAvTjAKCHhbj6gkRCylc6TNU/uXZ4Nyw3dwCfcPox LX3R34GBSyiAJCE+W0jYTZM= =MQgJ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: security for a home system
On Sat, 2007-04-21 at 21:55 +0200, Joe Hart wrote: Perhaps one of the gurus in this field will take the opportunity to explain why having a root console open all the time is a bad thing (other than the obvious local accessibility). My backups take a while, that's why I do it. To address that particular concern. That is what screen is for. It allows you to detach from a console and logout. -- greg, [EMAIL PROTECTED] Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part