On October 5, 2004 09:02 am, s. keeling wrote:
> Incoming from Nick W:
> > On October 4, 2004 08:35 pm, s. keeling wrote:
> > > Having to su to root is a good security practice.
> >
> > I know, but it's a pain. :)
>
> Take that as an indication of how the crackers feel (should they ever
> get that far).
>
> You can do a lot from a plain user account including send spam, attack
> other hosts, release malware, & etc. That's bad enough. If they
> can't get to root, you can at least find out about it. If they can get
> to root, you'll have no idea what's going on because they'll be able
> to clean up after themselves. Your first indication might be the RCMP
> showing up at your door.
>
> In some jurisdictions, doing what you're asking would open you up to
> accusations of complicity and legal action on the part of third
> parties attacked by your network.

Let's assume 'Mr. Blackhat' is looking to attack 'Mr. Innocent-Network' using my network 'Mr. Intermediate-Network'. Let's assume Mr. Blackhat has a personal vendetta against Mr. Intermediate-Network, so he's not just randomly looking for any machine on the internet that's susceptible, but he has a specific IP he wants to use and is going to work at it.

So he looks at my network and hits a hardware firewall which has 2 ports forwarded for HTTP and SSH. Unless he wants a headache he's going to start there, rather than trying to get through to my laptop, for example, which is completely hidden. He's going to attempt to directly SSH in to my server because my laptop's SSH port is inaccessible [short of cracking my router] from the internet.

His options are:

Internet -> open port -> ssh as normal user -> su -> my server

-OR-

Internet -> _stealthed_ port -> software firewall -> laptop -> ssh as root -> server

To me a direct attack on my server would be the 1) first visible opportunity, and 2) much easier.

IMHO, I doubt what I asked lowers my security much, if any. It's hardly complacent.

Nick

