On 11 May 2001 19:37:46 -0400, R. DuFresne wrote:
> at exactly are you going
> to do there when you suddenly see a few packets clobber your system? Fire
> up tcpdump to see what might be in the packets? Dang, too late, your
> system has been compromised in the time it took you to fire up tcpdump.
No. You stay ahead of the hackers for the most part. Keep up on your
software updates. Stay aware of potential intrusion methods. Monitor
internal network use as well as external. Set rules on your firewalls
to "nothing" and allow what's needed with monitoring of activity. Don't
offer unencrypted remote access. Don't allow 'su' from untrusted
terminals on Unix boxes. <slander>Don't run NT</slander>, etc.
> They not only got in, they rootkitted the box and you have a mess on your
> hands, and might as well empty your pockets on the desk to pay for
> cleaning up the mess and trying to trace it to a place of origin, after
> the disconnection from the internet.
If they rootkitted my firewall, they would then have to hack every
machine on the DMZ which has firewall rules to only accept authorized
traffic via the firewall and not from the firewall itself (based on IP).
> Does hiding the version and make of the services you offer hurt security
> on the site? Certainly not, you've yet to show it could. Does it help
> security?
No. It may, if nothing else, put off one or two hackers out of a few
hundred thousand (or more). Someone _will_ attempt to hack your system
for real. Version number hiding won't change that.
> Perhaps, it might send someone off to seek an easier place to
> exploit and crack, and it might well hide your exploitable service until
> you can get the newfound exploit patched.
And when they successfully attack that target, where do they go next?
Oh, they bounce-attack back to you because they're now untraceable.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List