Attack from a reserved address
dsr at tao.merseine.nu
dsr at tao.merseine.nu
Thu Aug 31 12:59:51 EDT 2006
On Thu, Aug 31, 2006 at 12:41:24PM -0400, Larry Underhill wrote:
> slightly OT: what are the general practices folks that folks take to
> secure the "public" services on their home boxen? I have ssh and http
> available.
>
> My general take is:
>
> * firewall with ssh (on a high num port) and http open. All others are
> denied.
Very useful, if you can handle it. I also open IMAP/SSL and
SMTP.
> * sshd w/ key only access and no remote root login.
For many servers, this is an excellent addition to the config:
AllowUsers user1 user2 user3
...which rejects every login attempt not by one of those named
users. If you have just five or six or a dozen accounts that
should get in, this is a good way to protect.
> I also rotate passwords for root and my (one) user account. Any other
> tips/tricks?
I'd rather have a strong password than a recently changed one.
If you can have both, even better.
-dsr-
--
-. --- -- --- .-. . ... . -.-. .-. . - ...
..-. ..- -.-. -.- - .... . -. ... .-
..-. ..- -.-. -. .-. -.. - .... ... ..- -.- -. .-- -.-. -..
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the Discuss
mailing list