[clug] Secure your Internet facing stuff (was Re: googlebot doing funny things in logs)

Edward C. Lang edlang at edlang.org
Thu Jun 16 05:19:19 MDT 2011


On 16/06/2011 20:21, Sam Couter wrote:
> Ian Bardsley <ifb777 at tpg.com.au> wrote:
>> Any of you networking/security gurus want to cobble together a
>> "Words of one Syllable" Network Security for Dummies presentation?
> Here's my one syllable Security for Dummies presentation on how to
> secure an Internet facing Linux (or any other OS) box: Don't.
> Seriously, if you don't know what you're doing, pay for commercial
> hosting. It's cheap, easy and reliable and the headaches are for someone
> else.

I was going to reply but Sam's response is better... the only other 
things I'd add are: simplicity is best, don't try to be too clever; 
follow common, well-reviewed designs; document your builds and critical 
data, because if and when you're compromised, you can trust nothing, 
including your backups.

However, I would suggest you examine your password and certificate 
management. Enforced minimum lengths, strength and expiration are all 
useful in mitigating the ability for someone to compromise and then use 
accounts. I don't think hosting services address that to any particular 

> For home, just about any consumer router will by default be relatively
> secure and capable of securing the rest of your network. It's probably
> running Linux too.

Air-gapping key assets is also useful. Just because you can add 
something to a network doesn't mean you should.




