On Fri, Aug 13, 2010 at 8:25 AM, Enrico Weigelt <weig...@metux.de> wrote:
> * Paul Hartman <paul.hartman+gen...@gmail.com> wrote:
>
> <snip>
>
> Apropos cracked machines:
>
> In recent years I often got trouble w/ cracked customers' boxes
> (one e.g. was abused for SIP-calling people around the world and
> asking them for their debit card codes ;-o). So I thought about
> protection against those scenarios. The solution:
>
> Put all remotely available services into containers and make the
> host system only accessible via special channels (e.g. serial console).
> You can run automatic sanity tests and security alerts from the host
> system, which cannot be hijacked (as long as there's no kernel
> bug which allows escaping a container ;-o).
>
> This also brings several other benefits, e.g. easier backups, quick
> migration to other machines, etc.
>
>
> cu
Hi Enrico,

Since I'm not an IT guy could you please explain this just a bit more? What is 'a container'? Is it a chroot running on the same machine? A different machine? Something completely different?

In the OP's case (I believe) he thought a personal machine at home was compromised. If that's the case then without doubling my electrical bill (2 computers) how would I implement your containers?

Thanks,
Mark
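As an added illustration of the "automatic sanity tests from the host" idea in Enrico's message (example code written for this page, not code from the thread or from any container tool): a POSIX shell integrity check that the host runs over a container's root filesystem. The manifest of file hashes is stored on the host side, where a service running inside the container cannot reach it, so a replaced binary or an unexpected new file inside the container shows up on the next check. The rootfs layout, file contents and manifest location used in `demo` are constructed for the demonstration; in real use `ROOTFS` would be the container's root directory and the manifest would live on the host only.

```shell
#!/bin/sh
# Host-side integrity check over a container rootfs (added example, not from the thread).
# Assumptions: GNU coreutils sha256sum/comm are available; paths contain no spaces.

# Turn a path into an absolute one so it survives a `cd` into the rootfs.
abspath() { ( cd "$(dirname "$1")" && printf '%s/%s\n' "$(pwd)" "$(basename "$1")" ); }

# make_manifest ROOTFS MANIFEST
# Record the sha256 of every regular file under ROOTFS, paths relative to ROOTFS,
# so the manifest still applies after the container is migrated to another host.
make_manifest() {
    rootfs=$1
    manifest=$(abspath "$2")
    (cd "$rootfs" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2) > "$manifest"
}

# verify_manifest ROOTFS MANIFEST
# Report changed, missing and new files. Returns 0 only when nothing differs.
verify_manifest() {
    rootfs=$1
    manifest=$(abspath "$2")
    status=0
    # Changed or missing files: sha256sum -c prints one "FAILED" line per file.
    if ! (cd "$rootfs" && sha256sum -c --quiet "$manifest" 2>/dev/null); then
        status=1
    fi
    # New files: present in the rootfs now but absent from the manifest.
    (cd "$rootfs" && find . -type f | LC_ALL=C sort) > "$manifest.now"
    awk '{print $2}' "$manifest" | LC_ALL=C sort > "$manifest.known"
    new=$(LC_ALL=C comm -13 "$manifest.known" "$manifest.now")
    rm -f "$manifest.now" "$manifest.known"
    if [ -n "$new" ]; then
        echo "$new" | while read -r f; do echo "NEW: $f"; done
        status=1
    fi
    return $status
}

# demo: build a throwaway rootfs (constructed data), take a baseline, then
# check that a clean rootfs passes and a modified one is reported.
demo() {
    work=$(mktemp -d)
    rootfs=$work/rootfs
    mkdir -p "$rootfs/etc" "$rootfs/usr/sbin"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$rootfs/etc/passwd"
    printf '#!/bin/sh\necho sipd\n' > "$rootfs/usr/sbin/sipd"

    make_manifest "$rootfs" "$work/manifest"          # baseline, kept on the host

    if ! verify_manifest "$rootfs" "$work/manifest"; then
        rm -rf "$work"; return 1                        # clean rootfs must pass
    fi

    # What the host sees after a service was tampered with: one binary replaced,
    # one unknown file added (both constructed for the demo).
    printf '#!/bin/sh\necho replaced\n' > "$rootfs/usr/sbin/sipd"
    printf 'unexpected\n' > "$rootfs/etc/unexpected.conf"

    if verify_manifest "$rootfs" "$work/manifest"; then
        rm -rf "$work"; return 1                        # tampering not reported
    fi
    rm -rf "$work"
    return 0
}

demo && echo "integrity check behaves as expected"
```

Run it from the host as a cron job or from the serial-console session Enrico mentions; the only thing the container side ever sees is the rootfs itself, never the manifest or the script.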