[nSLUG] my system was cracked!

Stephen Gregory nslug at kernelpanic.ca
Sat Jun 3 17:22:39 ADT 2006


On Sat, Jun 03, 2006 at 09:17:04AM -0300, ricardd at mathstat.dal.ca wrote:

Step One: calm down and relax. Have a coffee or a nice pot of
tea. Stuff like this happens.

If it is any consolation, most computers on university networks that
aren't professionally administered are compromised. University
networks are wonderfully permissive, and the dorm rooms are packed
full of smart misfits.

There are dozens of things you could do to protect your computer. You
could apply all of them. Don't do that. Many so-called protections
inconvenience you and nothing else. Relax, and think about the
problem. For every measure taken you need to consider: the risk that
the measure prevents; the threat of that risk; and the side effects of
the measure.



> - change the ssh listening port to something other than 22

You could do that, but then why bother running ssh? Moving the server
to a different port will just annoy you when you find yourself on a
system that only allows standard ports through the firewall. OpenSSH
(which most people use) is secure enough.


> - use strong passwords for everything (the postgres password was weak)

Define weak? Was "password" used as a password? Almost anything else
is probably strong enough. Brute forcing passwords over a network is
generally not fast. Anything other than the obvious stupid passwords
is probably strong enough. Many people get hung up on enforcing
"strong" passwords but for remote access it is not an issue.


> - run a firewall

You are often better off configuring the services to only listen on
"localhost." Postgres can be configured this way. What other services
are running on the laptop? Do those services need to be accessible by
remote hosts? If not, reconfigure the service.

I have seen too many firewall scripts that broke the network, but
offered no real protection. To complicate matters, many distros enable
ipv6 and the linux ipv6 firewall is not very good.


-- 
sg
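
Added example, not part of the original message: one way to answer the question above about which services are reachable by remote hosts is to list TCP sockets in LISTEN state that are not bound to loopback, for both IPv4 and IPv6. The sample tables are constructed in the Linux /proc/net/tcp layout, and the function names and the little-endian host are assumptions.

```python
import ipaddress

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed samples in /proc/net/tcp and /proc/net/tcp6 layout (not captured data).
SAMPLE_TCP4 = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1538 00000000:0000 0A 00000000:00000000 00:00000000 00000000    26        0 11111
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222
   2: 0A00000A:0016 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 33333
"""
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000001000000:0277 00000000000000000000000000000000:0000 0A
   1: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A
"""


def decode_addr(hex_addr):
    """Decode the kernel's hex address; assumes a little-endian host (x86, most ARM)."""
    raw = bytes.fromhex(hex_addr)
    # Each 32-bit word is printed in host byte order, so reverse word by word.
    packed = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    ip = ipaddress.ip_address(packed)
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it carries.
    return getattr(ip, "ipv4_mapped", None) or ip


def exposed_listeners(table_text):
    """Return (address, port) for every LISTEN socket not bound to loopback."""
    exposed = []
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # header, blank line, or a socket that is not listening
        hex_addr, hex_port = fields[1].split(":")
        ip = decode_addr(hex_addr)
        if not ip.is_loopback:
            exposed.append((str(ip), int(hex_port, 16)))
    return exposed


if __name__ == "__main__":
    for name, text in (("tcp", SAMPLE_TCP4), ("tcp6", SAMPLE_TCP6)):
        for addr, port in exposed_listeners(text):
            print(f"{name}: {addr} port {port} is reachable from other hosts")
    # On a live Linux system: exposed_listeners(open("/proc/net/tcp").read())
```

In the constructed sample the listener on 127.0.0.1 port 5432 is not reported, while the wildcard listeners on port 22 are reported for both address families.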
