[clug] Secure your Internet facing stuff (was Re: googlebot doing funny things in logs)
ifb777 at tpg.com.au
Thu Jun 16 00:28:33 MDT 2011
Now here is a topic for CLUG meetings, particularly if focused for all of
us non-technical Linux users. How exactly do you secure an
Internet-facing Linux box? I have spent many hours reading the myriad of
posts on the net on this topic and have understood very little. I also
note there are a million (exaggeration of course) different opinions of
the level of threat that may or may not exist.

Any of you networking/security gurus want to cobble together a "Words of
one Syllable" Network Security for Dummies presentation?

On 06/16/2011 01:50 PM, Alex Satrapa wrote:
> On 16/06/2011, at 13:08 , Hal Ashburner wrote:
>> Tee hee! There's even more to securing a machine than that! :P
>> You've actually got to unplug it completely from the network "as Pwn2own has shown", just because you're running no services doesn't mean you can't be cracked.
>> Or option B is to trade off a reasonable assessment of the risk and the cost with the value of the service while trying to minimise the first two to some reasonable degree then make your trade off.
> What happens when, as a result of the lulzsec DDoS cannon being sprayed about with gay abandon, countries like the USA start passing laws along the lines of, "if you are notified that your system is pwnd and being used in a DDoS and you fail to take action to secure it, you are considered to be aiding hostile action against this nation"?
> Simple safety precautions, which some people continue to ignore because, "it'll never happen to me!"