[clug] Secure your Internet facing stuff (was Re: googlebot doing funny things in logs)

[Sam Couter]

Ian Bardsley <ifb777 at tpg.com.au> wrote:
> Now here is a topic for CLUG meetings particularly if focused for
> all of us non technical Linux users.  How exactly do you secure an
> Internet facing Linux box.  I have spent many hours reading the
> myriad of posts on the net on this topic and have understood very
> little. I also note there are a million (exaggeration of course)
> different opinions of the level of threat that may or may not exist.
> 
> Any of you networking/security gurus want to cobble together a
> "Words of one Syllable" Network Security for Dummies presentation?

Here's my one syllable Security for Dummies presentation on how to
secure an Internet facing Linux (or any other OS) box: Don't.

Seriously, if you don't know what you're doing, pay for commercial
hosting. It's cheap, easy and reliable and the headaches are for someone
else.

For home, just about any consumer router will by default be relatively
secure and capable of securing the rest of your network. It's probably
running Linux too.

Security is hard to do right and very easy to do wrong. The difference
between security working and not working is invisible, so it's hard to
know if you got it wrong. The risk assessment is difficult because tiny
details in implementation make a huge difference in vulnerability and
the impact isn't just to you, it's also to the rest of the Internet.

Your foe is numerous, is well ahead of you in terms of knowledge and has
tools including a never-ending and cheap source of bots to launch
continuous automated attacks with.
-- 
Sam Couter         |  mailto:sam at couter.id.au
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/linux/attachments/20110616/32c50384/attachment.pgp>