I think another good solution for remote access is to use the OpenVPN server. In that way you can have access to ssh and to the web interface without security problems.

Cristian wrote:
Hi AJ

That's like you said. To access through SSH from RED you must create a rule in the System Access menu.

About the subject, I modified the SSH configuration to another port. I know that is not the solution, and Peter was right, the best solution is to permit the connections only from certain IP addresses. But I can't do that because I need to connect to EFW from different places that have dynamic IPs.

Changing the SSH port reduces the impact.

Best Regards.

CC

P.S.: Sorry if my English is not very good.

AJ Weber wrote:
Just to clarify, since this is pretty sensitive and I want to make sure I read the docs and the actual fw config right...SSH is only available to GREEN unless you take some additional steps to explicitly allow it from RED, right? -AJ

    ----- Original Message -----
    *From:* Peter Warasin <mailto:[EMAIL PROTECTED]>
    *To:* [email protected]
    <mailto:[email protected]>
    *Sent:* Friday, January 18, 2008 11:37 AM
    *Subject:* Re: [Efw-user] SSh Attack

    Carlos Leal wrote:
    > The use of port 22 in place of a less well known port makes it more
    > vulnerable to automated attacks. This is why IPCop, which was the
    > inspiration for this product uses port 222 for ssh.

    To be honest, that's security by obscurity, therefore we removed that.
    It makes more sense to use the standard ports and to block the access
    completely for the unauthorized.

    Simply open the port within system access only for your ip addresses,
    disable ssh and enable it only when you need, or connect through vpn.

    peter

    --
    :: e n d i a n
    :: open source - open minds

    :: peter warasin
    :: http://www.endian.com   :: [EMAIL PROTECTED]
    <mailto:[EMAIL PROTECTED]>

    _______________________________________________
    Efw-user mailing list
    [email protected] <mailto:[email protected]>
    https://lists.sourceforge.net/lists/listinfo/efw-user

--
Thank you,

Bogdan MILESCU

IT Manager

SC ELMAS SRL
www.1234.ro
B-dul Grivitei Nr 1Y
Brasov, Romania
Tel 0720100115, Fax 0268308705
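
An added illustration of the advice in this thread (not part of the original messages and not Endian code): a Python script that replays sshd authentication log lines against a source allow-list, showing which failed logins the rule would have dropped and which legitimate logins would have to move to the VPN. The log lines, the two subnets and the function names are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH syslog style (not taken from the thread).
SAMPLE_LOG = """\
Jan 18 10:01:02 efw sshd[411]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 18 10:01:04 efw sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jan 18 10:01:09 efw sshd[413]: Failed password for root from 198.51.100.23 port 51544 ssh2
Jan 18 10:02:30 efw sshd[420]: Accepted password for root from 10.8.0.6 port 50022 ssh2
Jan 18 10:03:11 efw sshd[431]: Failed password for root from 192.168.0.15 port 33870 ssh2
Jan 18 10:04:00 efw sshd[440]: Accepted publickey for root from 203.0.113.99 port 41000 ssh2
"""

# Assumed allow-list: GREEN LAN plus an OpenVPN client subnet (both hypothetical).
ALLOWED = [ipaddress.ip_network(n) for n in ("192.168.0.0/24", "10.8.0.0/24")]

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?\S+ from (?P<src>\S+) port \d+"
)

def is_allowed(src):
    """True if the source address falls inside one of the allowed networks."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED)

def replay(log_text):
    """Classify each sshd auth event by what the allow-list would do to it."""
    summary = Counter()
    dropped_sources = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not an sshd authentication line
        try:
            allowed = is_allowed(m["src"])
        except ValueError:
            continue  # source logged as a hostname, cannot be matched by address
        verdict = "reaches_sshd" if allowed else "dropped"
        summary[f"{m['result'].lower()}_{verdict}"] += 1
        if not allowed and m["result"] == "Failed":
            dropped_sources[m["src"]] += 1
    return summary, dropped_sources

if __name__ == "__main__":
    summary, dropped = replay(SAMPLE_LOG)
    print(dict(summary))
    print(dropped.most_common())
```

The `accepted_dropped` count is the dynamic-IP case raised in the thread: a valid login from an address outside the list, which is the traffic that would need to arrive through the VPN subnet instead.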