Mailinglist Archive: opensuse-security (175 mails)
| < Previous | Next > |
Re: [suse-security] A Relatively New Newbie looking for advice.
- From: earendil7@xxxxxxxx
- Date: Fri, 17 Sep 1999 10:57:04 -0700
- Message-id: <19990917.110001.-4011521.3.earendil7@xxxxxxxx>
On Fri, 17 Sep 1999 22:04:15 +0100 Brian Galbraith
<brian.galbraith@xxxxxxxxxxx> writes:
>
>I have been using SuSe Linux for a few months now, but only recently
>joined the Security List.
>
>I have been horrified to see the amount of scanning etc which goes on.,
and
>confess to have been shown to be totally ignorant as far as system
>security is concerned.
*shrug* :) as the internet wide audit lamented, this is the case even
with many experienced sysadmins and internet sites.
>
>I suspect that I may not be much at risk..but would appreciate
>comments and guidance where appropriate.
Read. read. read. Subscribe to every security mailing list you can, if
only to keep up on the exploits that wriggle out like earthworms on a
rainy day. There are also a few very good security HOWTOs out there -- or
if you're really masochistic, buy a book on network security.
>
>I am running a single work station at home. Networking is set up for
>ppp conection to the internet., only. I have a dynamic IP.
Limit the services you host; as a general rule, you can only be remotely
root exploited with whatever you choose to reveal (local users exploiting
your system are an entirely different can of worms). And above all,
monitor your logfiles, as most crackers (read: script kiddies) aren't
very subtle nor silent while they look for a lever into your box.
>
>Is there much chance of intrusion in my system,?
Depends. But if you're asking whether or not anonymity will protect you,
it will not. Crackers employ scanners that will search whole blocks of IP
numbers, looking for exploitable services.
>Are most attacks targeted?
Remote attacks designed to compromise your box are targeted against
specific services you run, but chances are your computer/IP is not
singled out for attack because the cracker doesn't like you.
>Is there anything I should be doing to minimise risk.
Well... an unplugged computer is completely secure ;)
>
>TIA
>
>Brian Galbraith
my bag of change-- hey, i figured if i waste my time reading security
type stuff, I might as well try and spread the knowledge. Just don't get
it in your head that i'm an expert or anything silly like that :)
dan
___________________________________________________________________
Get the Internet just the way you want it.
Free software, free e-mail, and free Internet access for a month!
Try Juno Web: http://dl.www.juno.com/dynoget/tagj.
<brian.galbraith@xxxxxxxxxxx> writes:
>
>I have been using SuSe Linux for a few months now, but only recently
>joined the Security List.
>
>I have been horrified to see the amount of scanning etc which goes on.,
and
>confess to have been shown to be totally ignorant as far as system
>security is concerned.
*shrug* :) as the internet wide audit lamented, this is the case even
with many experienced sysadmins and internet sites.
>
>I suspect that I may not be much at risk..but would appreciate
>comments and guidance where appropriate.
Read. read. read. Subscribe to every security mailing list you can, if
only to keep up on the exploits that wriggle out like earthworms on a
rainy day. There are also a few very good security HOWTOs out there -- or
if you're really masochistic, buy a book on network security.
>
>I am running a single work station at home. Networking is set up for
>ppp conection to the internet., only. I have a dynamic IP.
Limit the services you host; as a general rule, you can only be remotely
root exploited with whatever you choose to reveal (local users exploiting
your system are an entirely different can of worms). And above all,
monitor your logfiles, as most crackers (read: script kiddies) aren't
very subtle nor silent while they look for a lever into your box.
>
>Is there much chance of intrusion in my system,?
Depends. But if you're asking whether or not anonymity will protect you,
it will not. Crackers employ scanners that will search whole blocks of IP
numbers, looking for exploitable services.
>Are most attacks targeted?
Remote attacks designed to compromise your box are targeted against
specific services you run, but chances are your computer/IP is not
singled out for attack because the cracker doesn't like you.
>Is there anything I should be doing to minimise risk.
Well... an unplugged computer is completely secure ;)
>
>TIA
>
>Brian Galbraith
my bag of change-- hey, i figured if i waste my time reading security
type stuff, I might as well try and spread the knowledge. Just don't get
it in your head that i'm an expert or anything silly like that :)
dan
___________________________________________________________________
Get the Internet just the way you want it.
Free software, free e-mail, and free Internet access for a month!
Try Juno Web: http://dl.www.juno.com/dynoget/tagj.
| < Previous | Next > |