Re: backdoor threat
In response to prad <p...@towardsfreedom.com>:

> > Sure, there's 10 things. Start by running an nmap scan from a different
> > computer and see what ports are open. Investigate each program listening
> > on those ports to ensure it's properly secured.
>
> ok this is really neat! we did the scan and found what the open ports are.
> so the first one we changed was the ssh. then a friend said he assigns
> ports that are not used in /etc/services, so i presume this means for
> instance if we change the http port, we'll have to tell our http server
> to do business on that port?

Moving programs to different ports is not a viable security technique. It
really only slows down a potential attacker a little bit. My point in
suggesting the port scan was for _you_ to know, conclusively, what programs
are potential attack vectors.

Moving your web server to a different port will make it difficult for people
you _want_ to use it to find it. And it won't make it significantly more
difficult for attackers.

> is this what you mean by ensuring that the program listening on a port is
> properly secured? or is there something else?

Every program has its own list of steps to secure it. Once you know what
programs need to be secured, you can then address each one individually.

For example, it seems you've already taken reasonable steps with sshd, by
disabling password login and only using keys. You can go a few steps further
by ensuring that the only accounts that can log in are those that you want to
have access, and then installing a program that automatically blocks IPs that
have too many failed login attempts.

With all programs, you want to make sure that you've got the latest versions
that have all known bugs patched.

With apache, you should disable modules that you aren't using, and ensure
that any interpreters (such as PHP) are limited to only the functionality
that is needed.

It's also good general practice to configure a packet filter (such as pf or
ipfw) that only allows traffic that you know is good. That way, if someone
manages to install a trojan, it's neutered because it can't communicate back
to its control site.

> > Making secure web forms is too complex to discuss in a single email.
>
> ok we'll look into this further. we really don't have too many web forms
> and the forum software we use is punbb which i think they (rickard et al)
> take good care of.

Again, make sure you keep this software up to date, so you have the latest
bug fixes. Installing portaudit and making sure you get the nightly emails
from it is a good idea.

-- 
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
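Bill's per-program steps for sshd and the packet filter, worked through as a shell example added here (it is not code from the thread, from FreeBSD or from OpenSSH): audit_sshd reads an sshd_config and reports which of the settings he names are still open, and pf_ruleset prints the kind of default-deny pf.conf that admits only the services you planned and blocks every other outbound connection, which is what stops a planted program from reaching its control site. The two sshd_config texts, the interface name em0, the port lists and the account names are constructed for the example. One caveat the audit encodes: FreeBSD's sshd authenticates through PAM, and with ChallengeResponseAuthentication left at yes a password prompt is still offered via keyboard-interactive authentication even after PasswordAuthentication no, so both must be off before the login is really key-only.

```shell
#!/bin/sh
# Added example, not code from the thread: audit the sshd settings named in
# the reply and emit a default-deny pf ruleset. All inputs are constructed.

# Constructed sshd_config as it might look after only PasswordAuthentication
# was turned off. Commented lines are inert, exactly as sshd treats them.
SAMPLE_SSHD_CONFIG='Port 2222
PasswordAuthentication no
#PermitRootLogin no
ChallengeResponseAuthentication yes
UsePAM yes
Subsystem sftp /usr/libexec/sftp-server'

# The same file after the fixes the audit asks for (account names assumed).
HARDENED_SSHD_CONFIG='Port 2222
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
AllowUsers alice bob
UsePAM yes
Subsystem sftp /usr/libexec/sftp-server'

# sshd_setting CONFIG KEY DEFAULT: effective value of KEY. As in sshd, the
# first uncommented occurrence wins and keys are case-insensitive.
sshd_setting() {
    val=$(printf '%s\n' "$1" | awk -v key="$2" \
        'tolower($1) == tolower(key) { print $2; exit }')
    printf '%s\n' "${val:-$3}"
}

# audit_sshd CONFIG: one "FAIL ..." line per setting still left open.
# Anything not explicitly set to the safe value is treated as a failure.
audit_sshd() {
    cfg=$1
    [ "$(sshd_setting "$cfg" PasswordAuthentication yes)" = no ] \
        || echo "FAIL PasswordAuthentication is not 'no'"
    # With UsePAM yes, keyboard-interactive auth still asks for a password
    # unless ChallengeResponseAuthentication is also off.
    [ "$(sshd_setting "$cfg" ChallengeResponseAuthentication yes)" = no ] \
        || echo "FAIL ChallengeResponseAuthentication is not 'no' (PAM still prompts for passwords)"
    [ "$(sshd_setting "$cfg" PermitRootLogin yes)" = no ] \
        || echo "FAIL PermitRootLogin is not explicitly 'no'"
    [ -n "$(sshd_setting "$cfg" AllowUsers '')" ] \
        || echo "FAIL no AllowUsers list: every local account may log in"
}

# pf_ruleset EXT_IF "IN_TCP_PORTS" "OUT_TCP_PORTS": print a default-deny
# pf.conf that admits only the listed inbound services and lets the host
# itself reach only DNS, NTP and the listed outbound TCP ports (e.g. 80 443
# for fetching updates). Everything else, in or out, is blocked and logged.
pf_ruleset() {
    in_ports=$(printf '%s' "$2" | sed 's/ /, /g')
    out_ports=$(printf '%s' "$3" | sed 's/ /, /g')
    cat <<EOF
ext_if = "$1"
set skip on lo0
block in log all
block out log all
pass in on \$ext_if proto tcp from any to (\$ext_if) port { $in_ports } flags S/SA keep state
pass out on \$ext_if proto { tcp, udp } from (\$ext_if) to any port 53 keep state
pass out on \$ext_if proto udp from (\$ext_if) to any port 123 keep state
pass out on \$ext_if proto tcp from (\$ext_if) to any port { $out_ports } flags S/SA keep state
EOF
}

# Stand-alone run over the constructed inputs.
echo "== audit of sample sshd_config =="
audit_sshd "$SAMPLE_SSHD_CONFIG"
echo "== audit of hardened sshd_config (no output means no findings) =="
audit_sshd "$HARDENED_SSHD_CONFIG"
echo "== pf ruleset for em0, ssh+http in, http/https out =="
pf_ruleset em0 "22 80" "80 443"
```

Against a live host, feed the real file with audit_sshd "$(cat /etc/ssh/sshd_config)", and syntax-check any generated ruleset with pfctl -nf before loading it. The block out log all rule is also the detection side of the advice: a trojan's blocked connection attempts show up on pflog, which is how you would notice it.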
RE: backdoor threat
OK - this thread is scaring me. Anything that involves a backdoor threat is
very concerning - I keep looking over my shoulder to make sure no one is
sneaking up on me!

-----Original Message-----
From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Bill Moran
Sent: Monday, June 22, 2009 8:00 AM
To: prad
Cc: freebsd-questions@freebsd.org
Subject: Re: backdoor threat
Re: backdoor threat
In response to Gary Gatten <ggat...@waddell.com>:

> OK - this thread is scaring me. Anything that involves a backdoor threat is
> very concerning - I keep looking over my shoulder to make sure no one is
> sneaking up on me!

My job here is done ...

In my experience, most people don't take the steps necessary to really
secure their systems. But it's all a tradeoff.

If I'm running an online banking site, then I'm going to go all out to
ensure that all the required steps are made to secure the system, otherwise
I'm not going to stay in business very long.

But if I'm selling ringtones over the internet, or running a site for flash
games that makes money off banner ads, how diligent should I be? I mean, if
someone breaks in, how much do I lose? I'm not storing anyone's credit card
numbers, so I just have to deal with a couple days of downtime while I fix
the server. And chances are nobody is going to break into my system anyway,
since I don't have anything worth stealing.

Of course, the flaw in that reasoning is that while you may not care, the
rest of the internet is getting bombed by the botnet that you've joined by
your carelessness. The counter-argument to that is that you can't afford
what it would cost to _really_ secure a system like that. And it's not
justified if the information isn't sensitive anyway.

So, yes. Keep looking over your shoulder. _Someone_ is sneaking up on you.

-- 
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/
Re: backdoor threat
On Mon, Jun 22, 2009 at 11:36 AM, Bill Moran <wmo...@potentialtech.com> wrote:
> In response to Gary Gatten <ggat...@waddell.com>:
>
> > OK - this thread is scaring me. Anything that involves a backdoor threat
> > is very concerning - I keep looking over my shoulder to make sure no one
> > is sneaking up on me!
>
> My job here is done ...
>
> So, yes. Keep looking over your shoulder. _Someone_ is sneaking up on you.

I would also try to patch your FreeBSD, bringing it up-to-date

-- 
http://alexus.org/
RE: backdoor threat
I guess you guys didn't get my humor in the backdoor threat? Geez, if funny
jokes aren't funny when no one gets them, and this reference was marginal at
best!

-----Original Message-----
From: alexus [mailto:ale...@gmail.com]
Sent: Monday, June 22, 2009 10:39 AM
To: Bill Moran
Cc: Gary Gatten; freebsd-questions@freebsd.org; prad
Subject: Re: backdoor threat

On Mon, Jun 22, 2009 at 11:36 AM, Bill Moran <wmo...@potentialtech.com> wrote:
> So, yes. Keep looking over your shoulder. _Someone_ is sneaking up on you.

I would also try to patch your FreeBSD, bringing it up-to-date

-- 
http://alexus.org/
Re: backdoor threat
In response to Gary Gatten <ggat...@waddell.com>:

> I guess you guys didn't get my humor in the backdoor threat? Geez, if funny
> jokes aren't funny when no one gets them, and this reference was marginal
> at best!

Well, _now_ I get it. And jokes are almost never funny when you don't get
them ...

-- 
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/
Re: backdoor threat
On Mon, 22 Jun 2009 11:52:24 -0400
Bill Moran <wmo...@potentialtech.com> wrote:

> And jokes are almost never funny when you don't get them ...

quite true. furthermore, i have gotten some ideas from you, bill, that had
never occurred to me and i appreciate them very much. thanks to your wisdom
as well we are examining our requirements for security.

-- 
In friendship,
prad

... with you on your journey
Towards Freedom
http://www.towardsfreedom.com (website)
Information, Inspiration, Imagination - truly a site for soaring I's
backdoor threat
i just received this 'threat' from someone on a forum:

> +1.2507437628 -- And,yes of course this is a fax, but I could write and
> execute a script that would have some real fun with it.. Don't you think.
> Especially from a BSD server ;)
>
> You missed a small back door, if you're nice I'll help you close it. ;)

i am very curious as to what script this person can write to have fun with a
fax number. what are they going to do - send me junk faxes instead of junk
emails?

however, i'm very curious about the back door. what backdoors are there on
what is pretty well a freebsd server default setup? i have disabled password
access. there are some php forms, but i use the proper way to set variables.
are there other things i should be thinking about?

-- 
In friendship,
prad

... with you on your journey
Towards Freedom
http://www.towardsfreedom.com (website)
Information, Inspiration, Imagination - truly a site for soaring I's
Re: backdoor threat
In response to prad <p...@towardsfreedom.com>:

> i just received this 'threat' from someone on a forum:

Stay off that forum. Sounds annoying to me.

> > +1.2507437628 -- And,yes of course this is a fax, but I could write and
> > execute a script that would have some real fun with it.. Don't you think.
> > Especially from a BSD server ;)
> >
> > You missed a small back door, if you're nice I'll help you close it. ;)
>
> i am very curious as to what script this person can write to have fun with
> a fax number. what are they going to do - send me junk faxes instead of
> junk emails?

Sure. It costs almost nothing to send a fax message, and he could send it
over and over and run you out of paper and ink while you're sleeping.
Infantile, yes.

> however, i'm very curious about the back door. what backdoors are there on
> what is pretty well a freebsd server default setup? i have disabled
> password access. there are some php forms, but i use the proper way to set
> variables. are there other things i should be thinking about?

Sure, there's 10 things. Start by running an nmap scan from a different
computer and see what ports are open. Investigate each program listening on
those ports to ensure it's properly secured.

Making secure web forms is too complex to discuss in a single email.

Of course, the someone could just be spouting off. A few years ago, I had
someone claim that they could break into my server because my ports weren't
stealth (i.e., because they returned RST packets instead of just dropping
the SYNs). I invited the idiot to prove it by breaking in, which he never
accomplished. Some people brag without being able to back it up.

-- 
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/
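Bill's first step, as a shell example added here (not code from the thread or from the nmap project): save the external scan in nmap's greppable format (nmap -oG scan.gnmap <host>), turn it into a list of open ports, and diff that against the ports you meant to expose. Any listener outside the list is the program to go and look at, which is the "know conclusively what programs are potential attack vectors" point. The scan record, the address 192.0.2.10 and the allowlist are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread: parse an nmap greppable (-oG)
# record into open ports and compare them with an allowlist of planned
# listeners.

# Constructed sample of `nmap -oG -` output; not a real scan. Real nmap
# separates the fields with tabs; the parser below accepts tabs or spaces.
SAMPLE_SCAN='# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 ()   Status: Up
Host: 192.0.2.10 ()   Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 25/filtered/tcp//smtp///, 3306/open/tcp//mysql///   Ignored State: closed (996)
# Nmap done (constructed sample)'

# The listeners this host is supposed to expose (assumed for the example).
EXPECTED_PORTS="22/tcp 80/tcp"

# open_ports SCAN: print "port/proto service" for every port nmap reports
# as open. Each greppable port entry has the shape
# port/state/proto/owner/service/rpcinfo/version/ so awk splits on "/".
open_ports() {
    printf '%s\n' "$1" \
      | grep 'Ports:' \
      | sed 's/.*Ports: //; s/[[:space:]]*Ignored State.*//' \
      | tr ',' '\n' \
      | awk -F'/' '$2 == "open" { sub(/^ */, "", $1); print $1 "/" $3, $5 }'
}

# unexpected_ports SCAN ALLOWLIST: open ports absent from the allowlist.
# Each one is a program you did not plan on: secure it or stop it.
unexpected_ports() {
    open_ports "$1" | while read -r port service; do
        case " $2 " in
            *" $port "*) ;;                           # planned listener
            *) printf '%s %s\n' "$port" "$service" ;;
        esac
    done
}

# Stand-alone run: print the review worksheet for the sample scan.
echo "open listeners:"
open_ports "$SAMPLE_SCAN"
echo "unplanned listeners:"
unexpected_ports "$SAMPLE_SCAN" "$EXPECTED_PORTS"
```

On the host itself, sockstat -4l names the process behind each listening socket, which is what you need once the scan has pointed at a port you did not plan for. Ports nmap reports as filtered (25 in the sample) are deliberately left out: the packet filter is already doing its job there.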
Re: backdoor threat
On Fri, 19 Jun 2009 14:39:35 -0400
Bill Moran <wmo...@potentialtech.com> wrote:

> Sure. It costs almost nothing to send a fax message, and he could send it
> over and over and run you out of paper and ink while you're sleeping.
> Infantile, yes.

yes except for the fact that i don't have a fax machine and the number is
incorrect anyway :D

> Sure, there's 10 things. Start by running an nmap scan from a different
> computer and see what ports are open. Investigate each program listening
> on those ports to ensure it's properly secured.

ok this is really neat! we did the scan and found what the open ports are.
so the first one we changed was the ssh. then a friend said he assigns ports
that are not used in /etc/services, so i presume this means for instance if
we change the http port, we'll have to tell our http server to do business
on that port?

is this what you mean by ensuring that the program listening on a port is
properly secured? or is there something else?

> Making secure web forms is too complex to discuss in a single email.

ok we'll look into this further. we really don't have too many web forms and
the forum software we use is punbb which i think they (rickard et al) take
good care of.

> Of course, the someone could just be spouting off.
> ...
> Some people brag without being able to back it up.

i think this is such a situation. i think the person thought i'd be
astonished that he was able to pull my first and last name as well as my
address out of a whois search and show them to me :D and by showing me that
he can use words like backdoor and BSD, no doubt i should step back and bow
to his level of expertise!

still, i see this as an opportunity for my son and myself to learn something
we really haven't paid much attention to, so we're going to do it!

thx for your help bill!

-- 
In friendship,
prad

... with you on your journey
Towards Freedom
http://www.towardsfreedom.com (website)
Information, Inspiration, Imagination - truly a site for soaring I's