Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Attack from a reserved address



On Thu, Aug 31, 2006 at 12:41:24PM -0400, Larry Underhill wrote:
> slightly OT: what are the general practices folks that folks take to
> secure the "public" services on their home boxen? I have ssh and http
> available. 
> 
> My general take is:
> 
> * firewall with ssh (on a high num port) and http open. All others are
> denied.

Very useful, if you can handle it. I also open IMAP/SSL and
SMTP.

> * sshd w/ key only access and no remote root login. 

For many servers, this is an excellent addition to the config:

AllowUsers user1 user2 user3

...which rejects every login attempt not by one of those named
users. If you have just five or six or a dozen accounts that
should get in, this is a good way to protect.

> I also rotate passwords for root and my (one) user account. Any other
> tips/tricks?

I'd rather have a strong password than a recently changed one.
If you can have both, even better.

-dsr-


-- 
-. ---   -- --- .-. .   ... . -.-. .-. . - ... 
..-. ..- -.-. -.-   - .... .   -. ... .- 
..-.   ..-   -.-. -.   .-. -..   - .... ...   ..-   -.- -. .--   -.-. -..


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org