Re: KDE

From: Vahis <vahis@xxxxxxxxxxx>
Date: Wed, 21 Dec 2005 14:46:39 +0200

houghi wrote:

Vahis wrote:

It's not open to WAN because everything I do with Webmin I do only in LAN.
Do you need access to webmin from all over the world?


No, see above.

Most likely not.

Find out what the IP ranges are that you DO want access from and only
allow those.

I allow ONE (1) address in an unusual port for ssh2 WHEN NEEDED. This is only when I'm out in our holiday home and I might need access. Normally only port 80 is open for http to one address through NAT.

Also I don't answer pings:
sysctl -w net.ipv4.icmp_echo_ignore_all=1

I have started to get logs via normal email (ISP) webmail, so I need no access for reading logs.


If you are really, really, really scared that somebody might gain
access


I am
, you could look into s-keys. They are passwords that you only use

once.. Used to have it at a company to gain access over telnet. (Before
ssh was common)

You would get a piece of paper full of lines with 5 letter words on it.
The first time you made a connection, you would enter the first line.
The second time the second line and so on. At the end you would get a
new paper.

That's what we use here for logging into bank accounts. I just paid my annual membership fee to our MC-club like 10 minutes ago. The Bank's site was in some technical difficulties and they were using text based interface instead of their normal ssl graphical one. I was kinda wondering...

Also you can start using longer passwords then 8 caracters.

My passwords are always 12 -15 characters long including randomly upper and lower case + numbers. They never include any words in any language that I know of.

Whenever I log in any of the boxes (LAN) I turn on "Paranoid" from Black Sabbath, loud.

The last sentence was not true, everything else was :)

--
Vahis
.

References:
- KDE
  - From: Phillip Gower
- Re: KDE
  - From: mst
- Re: KDE
  - From: Phillip Gower
- Re: KDE
  - From: Vahis
- Re: KDE
  - From: Phillip Gower
- Re: KDE
  - From: Vahis
- Re: KDE
  - From: Perfect Reign
- Re: KDE
  - From: Vahis
- Re: KDE
  - From: Kevin Nathan
- Re: KDE
  - From: Vahis
- Re: KDE
  - From: Kevin Nathan
- Re: KDE
  - From: Vahis
- Re: KDE
  - From: Kevin Nathan
- Re: KDE
  - From: Vahis
- Re: KDE
  - From: houghi

Prev by Date: Re: Change the GTK font?
Next by Date: Re: SuSE Installation Setup
Previous by thread: Re: KDE
Next by thread: Re: KDE
Index(es):
- Date
- Thread

Relevant Pages

Re: ssh logs?
... Suppose the ssh-client machine is in a LAN. ... If I ssh to a computer ... the local machine, you may have no logs, logs recording that ssh was ... might want on the client machine, iptables and process accounting. ...
(comp.os.linux.security)
Re: ssh logs?
... Suppose the ssh-client machine is in a LAN. ... the local machine, you may have no logs, logs recording that ssh was ... might want on the client machine, iptables and process accounting. ... but you should always be looking for documentation that is ...
(comp.os.linux.security)
Re: ssh logs?
... Suppose the ssh-client machine is in a LAN. ... the local machine, you may have no logs, logs recording that ssh was ... might want on the client machine, iptables and process accounting. ... but you should always be looking for documentation that is ...
(comp.os.linux.security)
Intruders on a lan.
... Hi guys this is the first time that I write on this service. ... I would like to know if somebody is having problems with "intruders" ... our LAN resources. ... I have a DHCP server and of course I can not reserve IP addresses for each ...
(microsoft.public.windows.server.migration)
Intruders....?
... Hi guys this is the first time that I write on this service. ... I would like to know if somebody is having problems with "intruders" ... our LAN resources. ... I have a DHCP server and of course I can not reserve IP addresses for each ...
(microsoft.public.windows.server.networking)