On Saturday 05 September 2009 11:56:09 Dale wrote:
> Hi,
>
> As some may know already, I recently got DSL. It's not a super fast
> connection by broadband standards but it does mean that my box may be
> easier to find for a hacker. So, I have a few questions about
> security. I think I am OK but want to make sure.
>
> 1: I have a good root password. It's not something someone would guess
> for sure. Nothing related to my history, birthdays or anything. It is
> still fairly easy for me to type tho.

Good. Also disable root login using sshd.

> 2: I went to this link: https://www.grc.com/x/ne.dll?bh0bkyd2
> According to that site my ports are in "stealth" mode which is good from
> what I understand.

That's Gibson. Sometimes he talks sense and has good ideas, but he always rambles. Wheat and chaff.

Run "netstat -atnup" and see what's open. Apply brainpower to what you see.

Learn how to drive nmap and throw it at localhost. Apply brainpower to what you see.

> 3: I have no servers running here. No Apache, MySql, or any of that.
> I also have turned off/stopped ssh since I have only one box at the
> moment.

No services running by default is a sane starting point for personal use. But you will likely need *some* services, so deploy them one by one and audit each one before taking it live. Start them only when you need them.

> 4: I'm currently using this kernel: 2.6.25-gentoo-r9 I plan to
> upgrade that in the next day or so.

Kernel bugs exist of course, but in terms of numbers, it's far easier for someone to access your box using other routes. Like php. Pay attention to kernel bugs but you also have to prioritize by risk factor, so that one is correspondingly lower on the list.

> The DSL modem I am using is the Motorola 2210. It seems to be a gateway
> thing. I have no router at the moment but if I build a new rig I will
> be getting one then. Most likely a Linksys or something. I'll post
> here before getting one anyway. ;-)
>
> Am I missing anything? If you need more info, let me know. I just want
> to make sure no one can get into my box without me knowing about it and
> getting into mischief.

By far the most common attack vector into home machines is users doing stupid things with mail and dodgy links. This is how phishers work. So you need to apply diligence in what you click and where you go. But, you are likely exercising this already.

Top of my list is always to lock down things that give shell access. No telnet, no root login, access for specific users only.

I use "AllowGroups" in sshd_config a lot - only that group's members may log in and one grep shows you exactly who is in that group.

You deal with brute force attacks using packages like fail2ban and denyhosts. The general idea is that if a certain number of failed attempts show up in the logs in a short time, that IP is locked out for a few hours.

john the ripper is excellent at finding weak passwords. I don't know how much benefit you will get - having only two users with passwords - but I use it routinely on my servers. There's a certain satisfaction in attending security forum meetings and telling some manager with a stick up his ass that you are the one who trashed his access because you found his password in 38 seconds :-)

--
alan dot mckinnon at gmail dot com
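Two of the points in the reply above, the sshd lock-down (no root login plus "AllowGroups", with the one-grep membership listing) and the failed-login counting that fail2ban and denyhosts automate, as an added shell example that is not part of the thread. The sshd_config excerpts, the "sshusers" group name, the /etc/group lines and the auth-log lines are all constructed for the example; on a real box the functions read /etc/ssh/sshd_config, /etc/group and the auth log instead.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: audit an sshd_config for the
# lock-down the reply describes, list the AllowGroups members the way "one grep"
# on /etc/group does, and count failed sshd logins per source address, which is
# the trigger fail2ban and denyhosts act on. All inputs below are constructed;
# on a real box read /etc/ssh/sshd_config, /etc/group and the auth log instead.

# Constructed sshd_config with the recommended settings.
SAMPLE_SSHD_CONFIG='# constructed sample
Port 22
PermitRootLogin no
PasswordAuthentication yes
AllowGroups sshusers
'

# Constructed sshd_config as often shipped: root login allowed, no group restriction.
WEAK_SSHD_CONFIG='Port 22
PermitRootLogin yes
'

# Constructed /etc/group excerpt; "sshusers" is an assumed group name.
SAMPLE_GROUP_FILE='root:x:0:
wheel:x:10:dale
sshusers:x:1001:dale,alan
'

# Constructed auth log lines in the sshd syslog format of the period.
SAMPLE_AUTH_LOG='Sep  5 12:00:01 box sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2
Sep  5 12:00:03 box sshd[1002]: Failed password for root from 203.0.113.7 port 40002 ssh2
Sep  5 12:00:05 box sshd[1003]: Failed password for root from 203.0.113.7 port 40003 ssh2
Sep  5 12:00:09 box sshd[1004]: Accepted password for dale from 192.0.2.10 port 50000 ssh2
Sep  5 12:00:12 box sshd[1005]: Failed password for dale from 192.0.2.10 port 50001 ssh2
'

# Print the effective value of one sshd_config keyword read from stdin.
# sshd uses the first occurrence of a keyword; keywords are case-insensitive.
sshd_value() {
    awk -v key="$1" '$1 !~ /^#/ && tolower($1) == tolower(key) { print $2; exit }'
}

# Audit the sshd_config on stdin. Prints one finding per line and returns
# the number of findings, so 0 means both settings are in place.
audit_sshd() {
    cfg=$(cat)
    findings=0
    if [ "$(printf '%s\n' "$cfg" | sshd_value PermitRootLogin)" != "no" ]; then
        echo "PermitRootLogin is not 'no': root can be brute-forced directly"
        findings=$((findings + 1))
    fi
    if [ -z "$(printf '%s\n' "$cfg" | sshd_value AllowGroups)" ]; then
        echo "AllowGroups is unset: every local account may log in over ssh"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Print the comma-separated members of group $1 from the /etc/group-style
# file on stdin: the "one grep" that shows exactly who may log in.
group_members() {
    grep "^$1:" | cut -d: -f4
}

# Print, sorted, every source address with at least $1 "Failed password"
# lines in the auth log on stdin. fail2ban/denyhosts add a time window and
# then block the address; only the counting is shown here.
repeat_offenders() {
    awk -v max="$1" '
        /sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i + 1)]++
        }
        END { for (ip in fails) if (fails[ip] >= max) print ip }
    ' | sort
}

# Demonstration run (output only; the checks live in the functions above).
printf '%s' "$SAMPLE_SSHD_CONFIG" | audit_sshd && echo "sample config: OK"
printf '%s' "$WEAK_SSHD_CONFIG" | audit_sshd || echo "weak config: $? finding(s)"
echo "sshusers members: $(printf '%s' "$SAMPLE_GROUP_FILE" | group_members sshusers)"
echo "addresses with 3+ failures: $(printf '%s' "$SAMPLE_AUTH_LOG" | repeat_offenders 3)"
```

The counter deliberately leaves out the "in a short time" window the reply mentions; fail2ban keys its ban on failures within a configurable interval, so a single address with three failures spread over a week would not trip it, whereas this script counts them regardless.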

