[clug] Secure your Internet facing stuff (was Re: googlebot doing funny things in logs)

[Ian Bardsley]

Now here is a topic for CLUG meetings particularly if focused for all of 
us non technical Linux users.  How exactly do you secure an Internet 
facing Linux box.  I have spent many hours reading the myriad of posts 
on the net on this topic and have understood very little. I also note 
there are a million (exaggeration of course) different opinions of the 
level of threat that may or may not exist.

Any of you networking/security gurus want to cobble together a "Words of 
one Syllable" Network Security for Dummies presentation?

Regards

On 06/16/2011 01:50 PM, Alex Satrapa wrote:
> On 16/06/2011, at 13:08 , Hal Ashburner wrote:
>
>> Tee hee! There's even more to securing a machine than that! :P
>> You've actually got to unplug it completely from the network "as Pwn2own has shown", just because you're running no services doesn't mean you can't be cracked.
>
>> Or option B is to trade off a reasonable assessment of the risk and the cost with the value of the service while trying to minimise the first two to some reasonable degree then make your trade off.
>
> What happens when, as a result of the lulzsec DDoS cannon being sprayed about with gay abandon, countries like the USA start passing laws along the lines of, "if you are notified that your system is pwnd and being used in a DDoS and you fail to take action to secure it, you are considered to be aiding hostile action against this nation"?
SNIP
> Simple safety precautions, which some people continue to ignore because, "it'll never happen to me!"
> Alex
>

-- 
Ian Bardsley