Re: Putting server on the internet or not

On Wed, 2005-12-14 at 13:31 -0500, Scot L. Harris wrote:
> On Wed, 2005-12-14 at 13:05, Bob Chiodini wrote:
>
> > Edward,
> >
> > I have to agree with Scot. If you are a home user, lock everything down
> > behind a firewall. I opened up SSH and IMAPS while I was traveling
> > earlier this year and within 2 hours I was getting hammered by machines
> > on the internet trying to access my machine via SSH.
> >
>
> For home users one of the cheap Netgear or Linksys routers/firewalls do
> a good job. If you want to learn more, setting up a separate box as a
> firewall can be good but you will need to spend more time researching
> and monitoring such a system than one of the cheap devices mentioned
> above.
>
> Search the list for several threads discussing ssh security. (disallow
> root login, limit the users that can connect, use strong passwords, use
> keys if possible, consider using different port than 22 for ssh) This
> is true regardless of using a firewall or not.
>
>
> > I'll bet Scot has a generator though. Judging by his IP address, I bet
> > he was without power a lot during last hurricane season :-)
>
> This year they missed us here. But last year the generator did come in
> handy for a few weeks. Have had one for several years. But my ISP was
> down at the same time so no network connectivity. There for about a
> week there was also no land line phones or cell phone access as well.
> :)
>
> Those with generators, I also recommend installing a transfer switch.
> This allows you to provide power to specific circuits in the house
> without stringing extension cords all over and without back feeding the
> power grid.
>
>

I needed open SSH since I did not know what IP address I would be coming
from. Once known and verified that it was not changing I locked my
router up. It's a Dlink, and so far has been very good to me.

We had dialtone and DSL during the storms of 2004. The generator kept
power up for the essentials: fans, fridge, TV (until the dish blew
down) and computers.

'nuff said.

Bob...



--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Relevant Pages

  • Re: Putting server on the internet or not
    ... If you are a home user, ... > on the internet trying to access my machine via SSH. ... firewall can be good but you will need to spend more time researching ... > I'll bet Scot has a generator though. ...
    (Fedora)
  • Re: [fw-wiz] Is NAT in OpenBSD PF UPnP enabled or Non UPnP?
    ... >> I start by not giving logins and SSH access to users I don't trust. ... a network topology which goes around the ... >> firewall and thus is a serious hole to network security. ... >> have access via UPnP to, well, anything that device might happen to ...
    (Firewall-Wizards)
  • Re: ssh attempts
    ... the excellent iptables firewall you probably already have on your system. ... consider changing the port SSH listens on. ... Login to account webmaster not allowed or account non-existent. ... Computer Emergency Response Teams, and Digital Investigations. ...
    (Security-Basics)
  • Re: mpich and iptables firewall?
    ... to me it seems a very weird setup to have a firewall running ... on the cluster nodes. ... Using SGE you could disable rsh and ssh completely ... Chain FORWARD ...
    (comp.parallel.mpi)
  • Re: Problems with ipfw and ssh
    ... I get this error when updating my firewall rules via ssh. ... ${addcmd} 50 allow all from any to any via lo0 ... debug1: PAM: cleanup ...
    (freebsd-questions)