On Thu, Jun 12, 2008 at 08:41:18AM -0500, Lyle Giese wrote:
> Most recent hacks that I have first or second hand knowledge of
> came from ssh issues. Most inexperienced admins will expose ssh
> without using the 'allowgroups' option in their sshd_config and
> will get hacked by someone logging in via ssh using a system
> account with no password. The second thing to do with ssh is to
> move it to another port to keep the script kiddies from pounding on
> it. If there is a weak or missing password, they will find it.

This is true, and I'd forgotten to mention it.

Update your machine regularly, and always take security updates, even if
they cause breakage you have to chase down.

Additionally, you should install a brute-force-attack blocker:

  http://www.la-samhna.de/library/brutessh.html

I like the tcp_wrappers version, but whatever suits you.

> An encrypted USB thumbdrive is also a good storage device for
> passwords. I use TrueCrypt and have the executable available
> unencrypted on the thumbdrive so I could plug it into almost any
> machine and get to the encrypted data.

Though note that all currently extant hardware-secured thumbdrives are
snake oil.

I recommend Bruce Schneier's Password Safe (and not any of the other,
similarly named programs) if you feel the need to store a lot of
authentication credentials. Or get a BlackBerry and use theirs.

Cheers,
-- jra
-- 
Jay R. Ashworth          Baylink                     [EMAIL PROTECTED]
Designer                 The Things I Think          RFC 2100
Ashworth & Associates    http://baylink.pitas.com    '87 e24
St Petersburg FL USA     http://photo.imageinc.us    +1 727 647 1274

Those who cast the vote decide nothing.
Those who count the vote decide everything.
  -- (Joseph Stalin)
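
A defensive check for the exposure discussed in this thread, as an added example that is not part of the original messages: it audits sshd_config text for a missing AllowGroups/AllowUsers restriction, PermitEmptyPasswords, and the default port, and lists accounts whose shadow password field is empty. The sample config and shadow content are constructed, the function names are hypothetical, and the parser assumes whitespace-separated keywords with no Match blocks or Include files.

```python
# Added example: constructed inputs, hypothetical helper names.
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitEmptyPasswords yes
#AllowGroups sshusers
"""
SAMPLE_SHADOW = """\
root:$6$constructed$notarealhash:14000:0:99999:7:::
daemon:*:14000:0:99999:7:::
backup::14000:0:99999:7:::
alice:$6$constructed$notarealhash:14000:0:99999:7:::
"""

def parse_sshd_config(text):
    """Map lowercased keyword -> list of values; skips blanks and # comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        opts.setdefault(parts[0].lower(), []).append(value)
    return opts

def empty_password_accounts(shadow_text):
    """Accounts whose shadow password field is empty ('*' and '!' mean locked)."""
    names = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] and fields[1] == "":
            names.append(fields[0])
    return names

def audit(config_text, shadow_text):
    """Return findings in a fixed order: access list, empty passwords, port."""
    opts = parse_sshd_config(config_text)
    findings = []
    if "allowgroups" not in opts and "allowusers" not in opts:
        findings.append("no AllowGroups/AllowUsers: any account may attempt an ssh login")
    if any(v.lower() == "yes" for v in opts.get("permitemptypasswords", [])):
        findings.append("PermitEmptyPasswords is yes")
    for name in empty_password_accounts(shadow_text):
        findings.append("empty password field: " + name)
    if "22" in opts.get("port", ["22"]):  # sshd defaults to 22 when Port is unset
        findings.append("sshd listens on default port 22")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD_CONFIG, SAMPLE_SHADOW):
        print("FINDING:", finding)
```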