Matthew Palmer wrote:
Put up at http://www.hezmatt.org/~mpalmer/talks/2004/security-slug/, please be gentle with my ADSL link.
- Matt
Thanks for putting this up.
1. About remote port scanning - there are probably other services people here can
recommend, but one which I am aware of and trust is GRC's "ShieldsUP" service at
https://www.grc.com/x/ne.dll?bh0bkyd2 (hope this link works; if not, then go to the root and dig
from there). This is of course useful when you don't have a remote machine to scan from.
2. For checking which files were modified - I think I saw some "debian package checksum
checkers" around - is there anything useful already? How useful is the free version of
"electric fence"?
3. logwatch (has a debian package) mails me every day what happened in
my logs, helps keep a casual eye on my logs without having to rummage through them
every day.
4. You might call this "security through obscurity" but I've grown tired of my apache/ssh/imaps
ports being scanned dozens of times per hour, so I moved them to non-conventional ones and
reduced the load practically to zero. I'm aware this is not practical for a public HTTP server but
it might help a bit with the other services. Less noise helps find actual attacks.
I'd be glad to hear what people think about these tools and practices, and what else I can do to protect
my home machine (which is connected 24/7 through ADSL).
(An old anecdote - I used to take part in a tiny ISP about a decade ago and thought "oh - we are tiny,
who the hell is going to bother with us?" and we were owned for a long time with not much luck getting
rid of the owner. Lesson - it will happen to ANYTHING connected to the net, no exceptions
whatsoever).
Cheers,
--Amos
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
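On the question in point 2 about package checksum checkers, here is an added example (not part of the original post) of what such a checker does: it compares files on disk against a manifest in the `<md5hex>  <relative path>` format that dpkg keeps under /var/lib/dpkg/info/<package>.md5sums. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def md5_of(path):
    """Return the hex MD5 of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_manifest(manifest_path, root="/"):
    """Return (modified, missing) relative paths for one md5sums manifest."""
    modified, missing = [], []
    with open(manifest_path, encoding="utf-8", errors="surrogateescape") as f:
        for line in f:
            line = line.rstrip("\n")
            if not line:
                continue
            # Manifest line: 32 hex digits, two spaces, path relative to root.
            expected, _, rel = line.partition("  ")
            full = os.path.join(root, rel)
            if not os.path.isfile(full):
                missing.append(rel)
            elif md5_of(full) != expected.lower():
                modified.append(rel)
    return sorted(modified), sorted(missing)

def demo():
    """Constructed sample: three packaged files, one altered, one deleted."""
    root = tempfile.mkdtemp()
    files = {"usr/bin/tool": b"original binary\n",
             "etc/tool.conf": b"setting=1\n",
             "usr/share/doc/tool/README": b"docs\n"}
    manifest = os.path.join(root, "tool.md5sums")
    with open(manifest, "w") as m:
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as out:
                out.write(data)
            m.write(f"{hashlib.md5(data).hexdigest()}  {rel}\n")
    with open(os.path.join(root, "usr/bin/tool"), "wb") as out:
        out.write(b"changed binary\n")  # simulate a modified file
    os.remove(os.path.join(root, "usr/share/doc/tool/README"))
    return check_manifest(manifest, root)

if __name__ == "__main__":
    print(demo())
```

A manifest stored on the same disk can be rewritten by whoever modified the files, so the comparison is only meaningful against a copy kept on read-only or offline media.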
