I feel pretty good about things. I've got an OpenBSD packet filter scrubbing and normalizing everything that comes in, plus per-machine firewalls. SSH is only available using key pairs which are themselves password protected. My website is running on an uncommon, fault-tolerant web server which is running as an unprivileged user on a non-standard port. The only real concern I have is IMAPS, which is on the default port. Eventually I'm going to set things up to use SSH tunnels, but I haven't gotten there yet.
Quote:
Originally Posted by pwc101
but with a dynamic IP address, it helps to a certain extent (I think?).
Not really. If somebody is scanning they're going to find you whether your IP address is dynamic or not. It would only really be a benefit to prevent somebody from getting in *twice* - and they could still just scan your block again. And besides, how often do you get a new IP address? Even if you reboot you'll usually get the same one again unless you change your MAC address or wait a sufficiently long period of time.
Last edited by taylor_venable; 02-29-2008 at 09:39 AM.
Sorry, phantom_cyph.
I had always been under the impression that hackers are people who "hack" together code, and crackers are folks that "crack" security.
Crackers in general not only crack security, they are the ones that steal private info, install viruses, etc. Hackers are the ones that hack security, without using scripts/programs that do it for them, and in general, tend to leave people's computers alone.
It's generally said nowadays that hackers are the white hat, and crackers are black hat. But most people usually see them both as the same, especially in the media etc.
And besides, how often do you get a new IP address? Even if you reboot you'll usually get the same one again unless you change your MAC address or wait a sufficiently long period of time.
I get a new IP address every few days, so it's pretty regular. I don't really keep tabs on if there's any cyclicity in the assigned addresses; it may be that I've only got a few addresses that get changed in turn.
This is all somewhat academic, however, since I've set up a dyndns account, so if some kiddie wanted to have a go and they found out what my chosen host was, it'd be the same as if I had a static IP.
Either way, the only thing I have open is SSH, and it'll only allow a single user to connect (me) and root access is disabled, so hopefully that'll help a little.
One of the things I was wondering about is running an unprotected win2k image in a vm and using it as a honey trap. Be an interesting experiment.
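The SSH-only setup described in these posts (key pairs only in the first post above; a single allowed user and no root login in this one) can be checked against an actual sshd_config. This is an added example, not code from any poster; it assumes the standard OpenSSH keywords and uses constructed sample files so it runs stand-alone:

```shell
#!/bin/sh
# Added example: audit an sshd_config for the hardening the posts describe
# (no root login, key-only auth, a single allowed user). sshd uses the FIRST
# occurrence of a keyword, so a later "PermitRootLogin no" does not override
# an earlier "yes"; the parser below honours that. Assumptions: directives use
# "Keyword value" form (not "Keyword=value") and no Match blocks are in use.

# Print the effective value of a keyword (case-insensitive), "" if unset.
sshd_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        tolower($1) == "match"  { exit }       # Match blocks are out of scope
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print one finding per weakness; return 0 if hardened, 1 otherwise.
audit_sshd_config() {
    cfg="$1"; rc=0
    root=$(sshd_value "$cfg" PermitRootLogin | tr 'A-Z' 'a-z')
    pass=$(sshd_value "$cfg" PasswordAuthentication | tr 'A-Z' 'a-z')
    users=$(sshd_value "$cfg" AllowUsers)
    nusers=$(printf '%s\n' "$users" | wc -w | tr -d ' ')
    [ "$root" = "no" ] || { echo "PermitRootLogin is '${root:-unset}', want 'no'"; rc=1; }
    # Note: keyboard-interactive auth must also be off for key-only login;
    # only the PasswordAuthentication keyword is checked here.
    [ "$pass" = "no" ] || { echo "PasswordAuthentication is '${pass:-unset}', want 'no'"; rc=1; }
    [ "$nusers" -ge 1 ] || { echo "AllowUsers is unset: any account may log in"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: root disabled, key-only, $nusers allowed user(s)"
    return $rc
}

# Constructed sample configs (not from any real host) for a self-contained run.
HARDENED=$(mktemp); cat >"$HARDENED" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
AllowUsers alice
EOF
LOOSE=$(mktemp); cat >"$LOOSE" <<'EOF'
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
EOF
audit_sshd_config "$HARDENED"
audit_sshd_config "$LOOSE" || echo "loose config flagged"
```

Run it against /etc/ssh/sshd_config by passing that path to audit_sshd_config; the second sample shows why the first occurrence of a keyword is the one that counts.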
I once deployed a server with Win2K on it. When I deploy a windows-based server, I always put a small consumer grade hardware router in front of it for the firewall features. This one time, I neglected to do that. Actually, I put the router up, but had the firewall turned off. I recognized my error within 15 minutes, and enabled the firewall.
In those 15 minutes, the Win2K machine, which was fully exposed and connected directly to a T3 in a datacenter, was also fully compromised and had become a spambot, with 2 trojans running in it.
This happened, I repeat, in 15 minutes. It didn't take me long to clean it up, but I did have to clean it up.
I have a fully hardened winXP system on my laptop which I take with me when I travel, and it has never been infected while connected to unknown networks.
My workstation and my LAN have a mix of Linux and Windows connected to them, and I have a number of ports forwarded through the firewall for various purposes, including Port 80, and though my network periodically is attacked (and sometimes vigorously attacked) none of my systems have ever been compromised. As I write this, I have Mandriva 2008, FC 7, Kubuntu (the latest one), 2 copies of Win2K, and 2 copies of WinXP up and running on the LAN. The Win2Ks are both VMWare virtual machines running under the Mandriva 2008 installation, and the WinXPs are each on their own physical machines. The Linux distros are all on their own machines; the Mandriva installation is my personal workstation.
The point is that it IS possible to harden both Windows and Linux quite adequately. It is more work with Windows than it is with Linux, to harden it and keep it safe, but it can be done.
I have a fully hardened winXP system on my laptop which I take with me when I travel, and it has never been infected while connected to unknown networks.
....
The point is that it IS possible to harden both Windows and Linux quite adequately. It is more work with Windows than it is with Linux, to harden it and keep it safe, but it can be done.
Hardened? yes. Fully hardened? Not possible for any system IMHO.