> Allowing any port (SSH included) to go through the firewall\gateway to the
> internal network is quite a back door, SSH is not immune, and as we
> have seen not so long ago had its share of security holes. I would suggest,
> if you need remote control over a computer, stick a modem in it....
And a little bit of war dialing will reveal that modem really quickly and might as well be 'quite a back door'. Your access router might be vulnerable. I think it's always a question of the required paranoia level. You can simply allow an SSH connection to your firewall (maybe reduced to certain IP ranges) and open ports and forwarding when you need it, then close them afterwards again. (IIRC, VNC is not sending passwords in cleartext; only the following traffic is not encrypted [besides the JPEG compression].) If you type any passwords in the session they might be sniffed.

Actually I've had SSH ports open for quite a while, and I think many others have had them open too, and probably none were hacked (we certainly heard more on the incidents list). We didn't even notice an increased scanning for port 22. As you know, the latest vulnerabilities would really need some work to be exploited and maybe require some social engineering to trick people into running into such an exploit, or they would have had access to the server already. And such vulnerabilities are hardly exploited by script kiddies w/o a specific target.

So unless you need to absolutely lock down everything and presume that there is for sure another remote root exploit in SSH and someone is really wanting to get YOU... you can relax a little, but pay attention. Worse is if you don't detect an intrusion or the slightest attempts thereof.

"...but, on the other hand the only real security is to unplug your server and lock it up in a secure place." - and still then you have issues.

- Jonas

--
Security <[EMAIL PROTECTED]>
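Jonas's point that the real failure is not detecting an intrusion or "the slightest attempts thereof" (and his remark about not noticing increased scanning for port 22) is easy to act on. The script below is an added example, not code from the thread or from any of its participants: it reads sshd "Failed password" lines and netfilter LOG-target lines in their standard formats, aggregates by source address, and flags sources that either hammer logins or sweep port 22 across several hosts. The log lines are constructed samples, and the thresholds are arbitrary starting points, not values from the thread.

```python
import re
from collections import defaultdict

# Constructed sample lines in the standard sshd auth.log format (not from the thread).
AUTH_LOG = """\
Jun  3 02:14:07 gw sshd[2311]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun  3 02:14:09 gw sshd[2311]: Failed password for root from 203.0.113.7 port 40113 ssh2
Jun  3 02:14:12 gw sshd[2314]: Failed password for invalid user admin from 203.0.113.7 port 40115 ssh2
Jun  3 02:14:15 gw sshd[2316]: Failed password for invalid user oracle from 203.0.113.7 port 40118 ssh2
Jun  3 02:14:20 gw sshd[2319]: Failed password for root from 203.0.113.7 port 40121 ssh2
Jun  3 08:30:41 gw sshd[2402]: Accepted publickey for jonas from 192.0.2.10 port 51022 ssh2
Jun  3 09:02:13 gw sshd[2450]: Failed password for jonas from 192.0.2.10 port 51030 ssh2
"""

# Constructed sample lines in the netfilter/iptables LOG target format (not from the thread).
FW_LOG = """\
Jun  3 02:10:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.1 PROTO=TCP SPT=44001 DPT=22 SYN
Jun  3 02:10:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.2 PROTO=TCP SPT=44002 DPT=22 SYN
Jun  3 02:10:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.3 PROTO=TCP SPT=44003 DPT=22 SYN
Jun  3 02:10:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.4 PROTO=TCP SPT=44004 DPT=22 SYN
Jun  3 07:55:10 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=51021 DPT=22 SYN
"""

# sshd writes "Failed password for [invalid user] <name> from <ip> port <n> ssh2".
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
# The LOG target writes SRC=/DST=/PROTO=/SPT=/DPT= key-value pairs.
FW_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=TCP SPT=\d+ DPT=(\d+)")


def failed_logins(lines):
    """Map each source IP to the list of usernames it failed to log in as."""
    out = defaultdict(list)
    for line in lines.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, src = m.group(1), m.group(2)
            out[src].append(user)
    return dict(out)


def port22_probes(lines):
    """Map each source IP to the set of destination hosts it sent a SYN to on port 22."""
    out = defaultdict(set)
    for line in lines.splitlines():
        m = FW_RE.search(line)
        if m and m.group(3) == "22":
            src, dst = m.group(1), m.group(2)
            out[src].add(dst)
    return dict(out)


def suspicious_sources(auth_log, fw_log, fail_threshold=3, sweep_threshold=3):
    """Return {src_ip: reason} for sources worth a closer look.

    fail_threshold: failed SSH logins from one source before it is flagged.
    sweep_threshold: distinct hosts probed on port 22 before a source counts as a sweep.
    Both are arbitrary starting values; tune them to the site's normal traffic.
    """
    findings = {}
    for src, users in failed_logins(auth_log).items():
        if len(users) >= fail_threshold:
            findings[src] = f"{len(users)} failed SSH logins, users tried: {sorted(set(users))}"
    for src, dsts in port22_probes(fw_log).items():
        if len(dsts) >= sweep_threshold:
            findings[src] = f"port-22 sweep across {len(dsts)} hosts"
    return findings


if __name__ == "__main__":
    for src, reason in suspicious_sources(AUTH_LOG, FW_LOG).items():
        print(f"{src}: {reason}")
```

Run against the samples it reports 203.0.113.7 (five failed logins over root/admin/oracle) and 198.51.100.23 (one SYN to port 22 on each of four hosts), while the legitimate admin at 192.0.2.10, with one successful key login and one typo, stays below both thresholds. The same two counters, fed from the real auth log and a LOG rule on the port-22 accept or drop, give the early warning Jonas is asking for without changing which ports are open.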
