ftp configuration clarification

Doug Sutherland doug at proficio.ca
Sat Jun 30 13:05:38 EDT 2007


Chuck,

I once logged into one of my linux boxes and found a home directory
for someone called dave, who intalled stuff that goes out on the net
and scans other machines. This is very serious business. That means
my machine is actually doing the scanning. Nobody with any brains
does hacking from their own machine, they log in five, ten or more
machines deep. The topic of detecting breaches is a very deep one,
and if I was to have any ports pemanently open I'd look into
software that monitors changes to files like tripwire or similar. Also
set up firewall with logging rules.

I have been hacked more than once, trust me it is not fun. Hackers
look for easy entry. It's just like home security, they say you should
have bars on your basement windows not because they are
unbreachable but because they are deterrent, they make the
criminals go to someone else's home without bars. Same is true for
network security, don't make it easy for them. If you ask any security
guru they will say there is no such thing as guaranteed network security.
It is a trade off of risk versus cost, where cost is the effort expended in
securing your system. The only way to be truly secure is too be off the
net. Not viable for most but having ports open when you don't to is an
invitation. If you do that, get on security alert lists and follow the known
exploits, update your network software (dns, ftp, etc) as soon as new
versions are created to fix exploit bugs.

  -- Doug





More information about the Speakup mailing list