[clug] Secure your Internet facing stuff (was Re: googlebot doing funny things in logs)
Edward C. Lang
edlang at edlang.org
Thu Jun 16 05:19:19 MDT 2011
On 16/06/2011 20:21, Sam Couter wrote:
> Ian Bardsley<ifb777 at tpg.com.au> wrote:
>> Any of you networking/security gurus want to cobble together a
>> "Words of one Syllable" Network Security for Dummies presentation?
> Here's my one syllable Security for Dummies presentation on how to
> secure an Internet facing Linux (or any other OS) box: Don't.
> Seriously, if you don't know what you're doing, pay for commercial
> hosting. It's cheap, easy and reliable and the headaches are for someone
I was going to reply but Sam's response is better... the only other
things I'd add are: simplicity is best, don't try to be too clever;
follow common, well-reviewed designs; document your builds and critical
data, because if and when you're compromised, you can trust nothing,
including your backups.
However, I would suggest you examine your password and certificate
management. Enforced minimum lengths, strength and expiration are all
useful in mitigating the ability for someone to compromise and then use
accounts. I don't think hosting services address that to any particular
> For home, just about any consumer router will by default be relatively
> secure and capable of securing the rest of your network. It's probably
> running Linux too.
Air-gapping key assets is also useful. Just because you can add
something to a network doesn't mean you should.
More information about the linux