Re: duqu

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, 2011-12-06 at 18:12 -0600, Les Mikesell wrote:

> I'd expect it to be at least typical to firewall direct ssh access
> from the internet.

A Linux newcomer, untrained and a self-learner, I made an abrupt
immersion into Linux on 1 June 2010. It was a steep learning-curve.

The first thing I did was to make a 20-odd character password for Root
with lowercase, uppercase and digits (using my former address in
Germany).

The next thing I did was to change the default SSH port number AND
restrict access to 3 approved IP addresses only.

Anyone who leaves SSH on a default port open to any IP address is
stupid.

Anyone not wanting to allow SSH access into their machine should
consider:-

        chkconfig --list|grep ssh
        chkconfig sshd off
        service sshd stop
        
Long, not easy to guess and totally beyond the reach of dictionary
attacks, passwords for Root are absolutely essential. Security begins
with a minimum password length of 12 characters for ALL users.

Rootkits are another essential.

There is a real war on. No sensible person lays down and lets the enemy
walk all over them. Constant and widespread defence is vitally
important. Every day I see evidence of many hacked computers all around
the world. It persuades me to think many admins are simply incompetent -
they seem to use Windoze.

A professional qualification in basic server security would be a useful
attribute.

-- 
With best regards,

Paul.
England,
EU.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux