Allegedly, on or about 10 May 2016, Patrick O'Callaghan sent:
> Much more important is to keep tight control of logins
> from outside your network. Only allow SSH, don't allow it to the root
> account, only allow it using token (not password) access, and run
> fail2ban. 

If you run externally accessible mail services, then you should disallow
plaintext authentication.  That will stop mail clients from transmitting
the user's password in the clear.  Likewise if there are web server
pages that require a login (ensure it's only allowed through an
encrypted connection).

You should probably disallow it even for internal services; there could
be something snooping on traffic elsewhere on your net.  While some will
say the war is already lost if they're doing that, I tend to feel that
you're checkmating them if they can't get anything useful.

-- 
[tim@localhost ~]$ uname -rsvp
Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64

Boilerplate:  All mail to my mailbox is automatically deleted, there is
no point trying to privately email me, I only get to see the messages
posted to the mailing list.

When it comes to electronics, I'm slightly biased.
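
Added example, not part of the original message: a small auditor that checks configuration text for the settings recommended in this thread (no root SSH login, no SSH password logins, no plaintext mail authentication). It assumes OpenSSH `sshd_config` syntax and a Dovecot 2.3-style mail server, neither of which the thread names; the sample configs are constructed, and `Match` blocks and include files are not followed.

```python
def sshd_effective(text):
    """Global sshd settings; sshd keeps the FIRST value seen per keyword."""
    seen = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        if line.lower().startswith("match "):
            break  # conditional blocks are outside this simplified check
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2:
            seen.setdefault(parts[0].lower(), parts[1].strip().lower())
    return seen

def audit_sshd(text):
    cfg, findings = sshd_effective(text), []
    # Unset keywords fall back to defaults that do not meet the advice.
    if cfg.get("permitrootlogin", "prohibit-password") != "no":
        findings.append("PermitRootLogin should be 'no'")
    if cfg.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication should be 'no'")
    return findings

def audit_dovecot(text):
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip().lower()  # later lines override
    findings = []
    if cfg.get("disable_plaintext_auth", "yes") != "yes":
        findings.append("disable_plaintext_auth should be 'yes'")
    if cfg.get("ssl", "yes") != "required":
        findings.append("ssl should be 'required'")
    return findings

# Constructed sample configurations (weak beside corrected).
WEAK_SSHD = "PermitRootLogin yes\n#PasswordAuthentication no\nPermitRootLogin no\n"
GOOD_SSHD = "PermitRootLogin no\nPasswordAuthentication no\n"
WEAK_DOVECOT = "disable_plaintext_auth = no\nssl = yes\n"
GOOD_DOVECOT = "disable_plaintext_auth = yes\nssl = required\n"

if __name__ == "__main__":
    for name, findings in [("sshd weak", audit_sshd(WEAK_SSHD)),
                           ("sshd good", audit_sshd(GOOD_SSHD)),
                           ("dovecot weak", audit_dovecot(WEAK_DOVECOT)),
                           ("dovecot good", audit_dovecot(GOOD_DOVECOT))]:
        print(name, "->", findings or "ok")
```

The weak sshd sample shows two easy mistakes: a commented-out `PasswordAuthentication no` leaves the default in force, and a later `PermitRootLogin no` has no effect because the earlier `yes` wins.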

