Quote:
Originally Posted by xadrith
Quote:
Originally Posted by drokmed
Sure he can. For example, he can have the CentOS box have a cron job to initiate a tunnel to his home box. There are lots of ways.
That's pretty devious, and clever... I just glimpsed over some info about cron today in an O'Reilly book.
There are plenty of legitimate uses for reverse-ssh tunnels too. The last company I worked for used them for remote support in "dark" data centers. Our customers would never allow us to log into their systems directly, but they were fine with having our boxes "call home" to open a tunnel to our support server. Then we just logged into the support server and did ssh -p <port number> localhost and voilà, we're logged into the customer's system.
Learning how to use ssh port-forwarding is one of the more useful things you can do if you deal with a lot of sealed-off networks.
Everybody, just listen to chort, he'll tell you what to do, he's a security expert and he has seen more data centers than I did. Just ignore me and remember; some people are always right and their way is the way that must be, no matter what and please try not to think, because who are you to have the right to think and have a better solution for the problem. Don't look into the future, don't look for innovations, don't be creative, don't develop your skills, be blind, stay stupid and you'll be just fine. Your boss will love you and you'll keep the job.
Everybody, just listen to chort, he'll tell you what to do, he's a security expert and he has seen more data centers than I did. Just ignore me and remember; some people are always right and their way is the way that must be, no matter what and please try not to think, because who are you to have the right to think and have a better solution for the problem. Don't look into the future, don't look for innovations, don't be creative, don't develop your skills, be blind, stay stupid and you'll be just fine. Your boss will love you and you'll keep the job.
I'm certainly no expert, but when I was just starting out, I listened to people who knew more, and had much more experience than me. I still do that. I don't understand your reaction at all. I suggest you learn to admit your mistakes rather than to dig yourself in a deeper hole.
The boss needs to hire a consultant who is expert with the OS involved for a few days.
This consultant can clean up the network, eliminate any possible backdoors, and make sure security is properly in place and configured. The consultant can also provide some training to OP in order to ensure that OP has the tools to maintain the network going forward.
If this is a business situation, and the network is compromised, the boss had better be willing to spend the money.
I completely agree. This is the kind of situation where a network expert could really help get things ship shape in the quickest time.
There are plenty of legitimate uses for reverse-ssh tunnels too. The last company I worked for used them for remote support in "dark" data centers. Our customers would never allow us to log into their systems directly, but they were fine with having our boxes "call home" to open a tunnel to our support server. Then we just logged into the support server and did ssh -p <port number> localhost and voilà, we're logged into the customer's system.
Learning how to use ssh port-forwarding is one of the more useful things you can do if you deal with a lot of sealed-off networks.
That's a good example of using the tool without abusing it. Sadly, in the case of the OP, the ex-employee could've set any system in the company to "call home" to a system that he has control of. This is yet another reason why corporations usually frown upon tunneling unless it is for business needs.
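An added example, not part of any post in this thread: one way to audit crontab text for the "call home" jobs discussed above, by flagging ssh or autossh entries that request a remote forward. The function names, the sample crontab, and its hosts and ports are constructed for illustration.

```python
import re
import shlex
# Constructed sample crontab (not from the thread); hosts and ports are placeholders.
SAMPLE = """\
# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
*/10 * * * * /usr/bin/ssh -fN -R 2222:localhost:22 tunnel@support.example.com
@reboot autossh -M 0 -N -o "RemoteForward 2200 localhost:22" relay.example.net
15 * * * * ssh backup@files.example.com ls -R /srv
"""

# ssh(1) options that take an argument, attached (-R2222:...) or as the next token.
OPTS_WITH_ARG = set("BbcDEeFIiJLlmOoPpQRSWw")
SCHEDULE = re.compile(r"^(@\w+|(?:\S+\s+){4}\S+)\s+(.*)$")  # schedule, then command

def remote_forwards(argv, autossh=False):  # specs (-R, -o RemoteForward) in one argv
    takes_arg = OPTS_WITH_ARG | ({"M"} if autossh else set())  # autossh -M takes a port
    specs, seen_host, i = [], False, 1
    while i < len(argv):
        tok, i = argv[i], i + 1
        if len(tok) < 2 or tok[0] != "-":
            if seen_host:
                break            # second bare word starts the remote command
            seen_host = True     # ssh still accepts options after the host
            continue
        for j in range(1, len(tok)):     # walk bundled flags such as -fNR
            if tok[j] in takes_arg:
                arg = tok[j + 1:]
                if not arg and i < len(argv):
                    arg, i = argv[i], i + 1
                if tok[j] == "R" or (tok[j] == "o" and arg.lower().startswith("remoteforward")):
                    specs.append(arg)
                break
    return specs

def audit_crontab(text):  # (line_number, specs) per job that opens a remote forward
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = SCHEDULE.match(line.strip())
        if line.lstrip().startswith("#") or not m:
            continue
        try:
            tokens = shlex.split(m.group(2))
        except ValueError:               # unbalanced quotes: plain split instead
            tokens = m.group(2).split()
        for k, tok in enumerate(tokens):
            name = tok.rsplit("/", 1)[-1]
            if name in ("ssh", "autossh") and (specs := remote_forwards(tokens[k:], name == "autossh")):
                findings.append((lineno, specs))
    return findings
```

The last sample line shows why the parser stops at the remote command: `ls -R` there is a recursive listing, not a forward. Cron is only the mechanism named in the thread, so a clean result here says nothing about tunnels started from other places.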
Everybody, just listen to chort, he'll tell you what to do, he's a security expert and he has seen more data centers than I did. Just ignore me and remember; some people are always right and their way is the way that must be, no matter what and please try not to think, because who are you to have the right to think and have a better solution for the problem. Don't look into the future, don't look for innovations, don't be creative, don't develop your skills, be blind, stay stupid and you'll be just fine. Your boss will love you and you'll keep the job.
When you can't address the legitimate arguments that have been made, change the subject.
"It all depends on how Michelle's boss feels. If he is comfortable with just replacing the firewall, and changing everyone's passwords, then she is in good shape."
I have to disagree with that one - the boss obviously knows nothing about computers and needs advice from people who know what they're doing. Doing what makes the boss (who is no expert) feel happy is a great way to lose your job in a few weeks when the things that made the boss happy really didn't address the real issues.
There is nothing extreme about wiping the WinDuhs machines and reinstalling everything; this is the only sensible way of ensuring the machines are reasonably secured. Of course if you really know what you are doing you can avoid a wipe and instead take several days per computer to weed out the bad stuff ... but then again, no one who knows what they're doing would waste their time like that.