Re: [LUG] Server intrusions
Kai Hendry wrote:
| This goes for many other log files too. So what if people are attacking
| your server?

Urm last time they succeeded I got to spend a seventeen hour stretch
(overnight) building a replacement - instead of other things like sleep,
and a social life.

The whole point of reading log files is to make a server survive - if
you aren't notified of what is going on - you're missing one of the most
important ways of defending the server.

SSH is currently under mechanical attack - this is obvious from anyone
who checks their security log. You might also check the other accounts
being attacked either don't exist or have suitably secure passwords.

Thus you MUST deny root login (I do this routinely anyway), as many of
the attempts are for root.

Several admins, prompted by these attacks, have switched from allowing
password access to either key only, or ssh from restricted IPs only.

If you don't read the logs you wouldn't know these attacks were on the
rise, and might not have the most appropriate security policy in place.

Like all reactive measures it isn't ideal, but you need some idea of the
level of danger out and the types of attack to build a security policy.

| Most poignant attacks like DoS are very difficult to detect

Fortunately you don't have to rebuild your servers after a DoS attack
generally. And you don't have to measure service availability from "your
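The log check described in this message, as an added example that is not part of the original post: it tallies failed SSH logins per source address, separates attempts against existing and nonexistent accounts, notes whether root was tried, and reports any source that logged in after repeated failures. The log lines are constructed samples in OpenSSH's syslog format, and `summarize` and its `threshold` parameter are hypothetical names.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH sshd syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Oct  3 02:11:01 host sshd[811]: Failed password for root from 203.0.113.5 port 4101 ssh2
Oct  3 02:11:03 host sshd[813]: Failed password for invalid user admin from 203.0.113.5 port 4102 ssh2
Oct  3 02:11:05 host sshd[815]: Failed password for invalid user test from 203.0.113.5 port 4103 ssh2
Oct  3 02:11:07 host sshd[817]: Failed password for alice from 203.0.113.5 port 4104 ssh2
Oct  3 02:11:09 host sshd[819]: Accepted password for alice from 203.0.113.5 port 4105 ssh2
Oct  3 09:30:12 host sshd[990]: Failed password for bob from 198.51.100.7 port 5001 ssh2
Oct  3 09:30:20 host sshd[992]: Accepted publickey for bob from 198.51.100.7 port 5002 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<unknown>(?:invalid|illegal) user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Summarise sshd auth events: failures per source, targeted accounts,
    and sources that logged in after at least `threshold` failures."""
    failures = Counter()
    targeted = defaultdict(set)   # "existing" / "nonexistent" -> usernames
    compromised = []              # (source, user) pairs worth investigating
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        src, user = m["src"], m["user"]
        if m["result"] == "Failed":
            failures[src] += 1
            targeted["nonexistent" if m["unknown"] else "existing"].add(user)
        elif failures[src] >= threshold:
            # A success after a burst of failures from the same address.
            compromised.append((src, user))
    return {
        "failures": dict(failures),
        "root_targeted": "root" in targeted["existing"],
        "existing_targeted": sorted(targeted["existing"]),
        "nonexistent_targeted": sorted(targeted["nonexistent"]),
        "login_after_failures": compromised,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Accounts listed under `existing_targeted` are the ones whose passwords are worth checking, and any entry in `login_after_failures` deserves a closer look before anything else.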
The Mailing List for the Devon & Cornwall LUG