Re: security on linux



General Schvantzkoph <schvantzkoph@xxxxxxxxx> writes:

> On Sun, 13 May 2007 16:05:21 -0400, Randy Yates wrote:
>
>> Hi Folks,
>>
>> A recent poster's queries on security have made me question how secure
>> my system is.
>>
>> Let's assume that physical access to the system is controlled and that
>> the only way to access the system is through the internet.
>>
>> I'm using FC6. Using a reasonable modicum of common sense. For example,
>> I'm using a router as a firewall and only selectively allowing the ports
>> I want public access to. Also, I restrict my ssh connections to a
>> specific port and username.
>>
>> How difficult would it be to gain user-level (not root) access? Try
>> rating on a scale from 0 to 100, where 0 is the data is served publicly
>> (i.e., no effort required) and 100 is knowledge at the bleeding edge of
>> security and a significant amount of resources (say, a few 10's of
>> thousands of dollars) were required.
>>
>> What's the security on this scale of a well-maintained FC6 system? My
>> gut tells me it is something on the order of 25, but that's just a WAG.
>
> You shouldn't allow password access to ssh, you should always require RSA
> authentication. Passwords can be guessed, public keys can't. As long as
> ssh is the only publicly available service, and you require RSA
> authentication, then you should be safe.

Thanks for the tip!
--
% Randy Yates % "...the answer lies within your soul
%% Fuquay-Varina, NC % 'cause no one knows which side
%%% 919-577-9882 % the coin will fall."
%%%% <yates@xxxxxxxx> % 'Big Wheels', *Out of the Blue*, ELO
http://home.earthlink.net/~yatescr
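
Added example (not part of the original posts): a small Python check of an sshd_config for the settings this thread discusses, key-only login and a restricted username. It also flags keyboard-interactive authentication, which can still accept passwords through PAM when PasswordAuthentication is off; the sample config is constructed, the defaults are those documented for current OpenSSH, and Include files and Match blocks are not evaluated.

```python
# Added example: audit sshd_config text for key-only login and a username restriction.
DEFAULTS = {"passwordauthentication": "yes",        # documented OpenSSH defaults
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
MULTI = {"port", "allowusers"}                      # keywords that may be repeated

def effective_settings(text):
    """Global settings only: sshd uses the first value seen for a keyword."""
    single, multi = {}, {k: [] for k in MULTI}
    for raw in text.splitlines():
        line = raw.strip()
        parts = line.replace("=", " ", 1).split()
        if not parts or line.startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]     # keywords are case-insensitive
        key = ALIASES.get(key, key)
        if key == "match":                          # conditional blocks are not global
            break
        if key in MULTI:
            multi[key].extend(args)
        elif args:
            single.setdefault(key, args[0].lower())  # first value wins
    return {**DEFAULTS, **single}, multi

def audit(text):
    """Return a list of findings; an empty list means key-only login is enforced."""
    single, multi = effective_settings(text)
    findings = []
    if single["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no': passwords can be guessed")
    if single["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive is enabled: PAM may still accept passwords")
    if single["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is disabled: no key-based login")
    if not multi["allowusers"]:
        findings.append("no AllowUsers: login is not restricted to a specific username")
    return findings

SAMPLE = """\
# constructed sample, not taken from a real system
Port 2222
PasswordAuthentication no
PasswordAuthentication yes
AllowUsers randy
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

On a live host, `sshd -T` prints the effective configuration, including Include files, and is the authoritative source for the same check.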