Kai Hendry wrote:
|
| This goes for many other log files too. So what if people are attacking
| your server?
Urm, last time they succeeded I got to spend a seventeen-hour stretch (overnight) building a replacement - instead of other things like sleep, and a social life.
The whole point of reading log files is to make a server survive - if you aren't notified of what is going on - you're missing one of the most important ways of defending the server.
SSH is currently under mechanical attack - this is obvious to anyone who checks their security log. You might also check that the other accounts being attacked either don't exist or have suitably secure passwords.
Thus you MUST deny root login (I do this routinely anyway), as many of the attempts are for root.
Several admins, prompted by these attacks, have switched from allowing password access to either key only, or ssh from restricted IPs only.
If you don't read the logs you wouldn't know these attacks were on the rise, and might not have the most appropriate security policy in place.
Like all reactive measures it isn't ideal, but you need some idea of the level of danger out there and the types of attack to build a security policy.
| Most poignant attacks like DoS are very difficult to detect your end.
Fortunately you don't have to rebuild your servers after a DoS attack generally. And you don't have to measure service availability from "your end".
Simon
-- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.
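
An added example, not part of the original post: a Python sketch of the log check the message describes, sorting failed SSH password attempts into root, nonexistent accounts and real accounts, and listing the noisiest source addresses. The log lines are constructed samples in OpenSSH's syslog format, and `summarize` and `noisy_sources` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample lines (documentation IP ranges), not taken from the post.
SAMPLE_LOG = """\
Aug 12 03:14:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Aug 12 03:14:03 host sshd[2103]: Failed password for invalid user test from 192.0.2.10 port 40115 ssh2
Aug 12 03:14:05 host sshd[2105]: Failed password for invalid user guest from 192.0.2.10 port 40120 ssh2
Aug 12 03:14:09 host sshd[2109]: Failed password for simon from 198.51.100.7 port 51514 ssh2
Aug 12 03:15:44 host sshd[2133]: Accepted publickey for simon from 203.0.113.5 port 60022 ssh2
Aug 12 03:16:02 host sshd[2140]: Failed password for root from 192.0.2.10 port 40188 ssh2
"""

# sshd marks accounts that do not exist as "invalid user"
# (older OpenSSH releases wrote "illegal user").
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for "
    r"(?P<invalid>(?:invalid|illegal) user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Classify failed password attempts by the kind of account targeted."""
    report = {"root": 0, "nonexistent": Counter(),
              "real": Counter(), "by_ip": Counter()}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are skipped
        user, ip = m["user"], m["ip"]
        report["by_ip"][ip] += 1
        if user == "root":
            report["root"] += 1                # argues for denying root login
        elif m["invalid"]:
            report["nonexistent"][user] += 1   # guessed names, no such account
        else:
            report["real"][user] += 1          # real accounts: check passwords
    return report

def noisy_sources(report, threshold):
    """Source addresses with at least `threshold` failures, busiest first."""
    return [ip for ip, n in report["by_ip"].most_common() if n >= threshold]

if __name__ == "__main__":
    r = summarize(SAMPLE_LOG)
    print("root attempts:", r["root"])
    print("nonexistent accounts tried:", dict(r["nonexistent"]))
    print("real accounts tried:", dict(r["real"]))
    print("sources with 3+ failures:", noisy_sources(r, 3))
```
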