On Wed, 2007-08-29 at 09:31 -0500, Jason Rabel wrote:
> > 1) Login timing - only login first 5 seconds of the minute
> > 2) Rotating passwords by day / hour
> > 3) Logging and email alerts - every login attempt generates an email
> > 4) Login hours - If you are home at night, no logins then.
> > 5) Rate limiting - stop responding for 10 minutes after 3-5 failed attempts
> > 

Renaming vital commands, causing connections from unknown addresses to
hang, ...

> > All of this stuff has downsides. If it is *vital* you log in you may
> > not want to do some of them. Whatever you do, I would go with SSH
> > and set it up to use *large* keys only.

Keeping track of everything yourself will quickly require a manual in
its own right.

> Some of those seem a little overkill. It would be much easier to watch your
> secure log and add an IP to your firewall after so many failed login
> attempts. Most brute force attacks are quite obvious when they start
> pounding your server with dozens of login attempts with usernames in
> alphabetical order.

A net45x1 actually has an advantage here. Suppose a cracker has taken
possession of a user account and decides to run some brute force prog for
cracking the root account, or some other account on the local net. On a
net 45x1, the force applied won't be that brute after all, yet still,
for regular maintenance logins it will provide sufficient processing
power/transfer speed. Nice little bottleneck, which will at least buy
the admin some time.

Bill


> _______________________________________________
> Soekris-tech mailing list
> [email protected]
> http://lists.soekris.com/mailman/listinfo/soekris-tech
> 
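The log-watching approach quoted above (count failed logins per address, block after a threshold within a time window), as an added example that is not part of the original emails. The host name, addresses, thresholds and the `never_block` allowlist are constructed assumptions; feeding the result to a firewall is left to the caller.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format (not taken from the thread).
SAMPLE_LOG = """\
Aug 29 09:30:01 gw sshd[411]: Failed password for invalid user aaron from 192.0.2.10 port 40001 ssh2
Aug 29 09:30:03 gw sshd[412]: Failed password for invalid user abby from 192.0.2.10 port 40002 ssh2
Aug 29 09:30:04 gw sshd[413]: Failed password for root from 198.51.100.7 port 51000 ssh2
Aug 29 09:30:06 gw sshd[414]: Failed password for invalid user adam from 192.0.2.10 port 40003 ssh2
Aug 29 09:30:08 gw sshd[415]: Accepted publickey for bill from 203.0.113.5 port 50022 ssh2
Aug 29 09:30:09 gw sshd[416]: Failed password for invalid user alan from 192.0.2.10 port 40004 ssh2
Aug 29 09:30:11 gw sshd[417]: Failed password for invalid user alex from 192.0.2.10 port 40005 ssh2
""".splitlines()

# The user name is text supplied by the remote client, so the match is anchored
# to the end of the line and only the address sshd itself appended is used.
FAILED = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (?P<ip>\S+) port \d+ ssh2$")

def find_offenders(lines, max_failures=5, window=timedelta(minutes=10),
                   never_block=(), year=2007):
    """Return {ip: datetime of the failure that reached max_failures in window}."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    offenders = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))  # reject anything not an address
        except ValueError:
            continue
        if ip in never_block or ip in offenders:
            continue
        # syslog omits the year; it is supplied by the caller (assumption)
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            offenders[ip] = when
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG, never_block={"203.0.113.5"}).items():
        print(f"{when:%b %d %H:%M:%S} block {ip}")  # hand this to the firewall
```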
