Re: [suse-security] Securing SuSE Linux 7.3 (fwd)
---------- Forwarded message ---------- Date: Thu, 23 May 2002 11:15:19 +0200 From: Albert Brandl <albert.brandl@lindeverlag.at> To: Markus Gaugusch <markus@gaugusch.at> Subject: Re: [suse-security] Securing SuSE Linux 7.3 On Tue, May 21, 2002 at 05:08:37PM +0200, Markus Gaugusch wrote:
dd if=/dev/sda of=/dev/sdb bs=16M You will have two problems with this: Minor: Only data lost during the last week can be restored. If you delete a file, go on holiday for two weeks and want to restore it later, there is no chance. Major: Changes in the filesystem during this "backup" will most likely ruin your copy ... !
Another problem is that this setup does not protect you against most disasters. If e.g. your computer catches fire, chances are that your second harddisk does not survive this. If someone carries your computer away, he/she won't leave the second disk so that you can restore from it. It's thus a good idea to save backups offsite. It's also crucial to have more than one backup - "Unix Backup & Recovery" (W. Curtis Preston, O'Reilly 1999) gives a very good introduction to the subject. There are several open source products for backing up stuff. If you want to use cdroms, see e.g. http://mondo.soureforge.net. We are using AMANDA for backing up to DAT and DLT tapes. AMANDA is also included in the SuSE distribution, see http://www.amanda.org for an introduction (I've found the FAQ-o-matic quite helpful for configuring my system). Best regards, Albert
Hi!
Another problem is that this setup does not protect you against most disasters. If e.g. your computer catches fire
You're right, but I didn't ask how to backup ;-) but how to secure the linux system against hackers, crackers and evil people (crackers included) in the world. Of course it's a problem when the computer catches fire. But what should I do? The computer will be hosted at a outsourced provider. I can't go there and say hello, may I do my weekly backup now :-) The webpages and databases itself are already backuped localy, but the system itself is not. I could only make a CD copy of the whole system, so I can restore the original system and then copy the backup of the webpages and databases to the sytem. Regards, Thomas
Hi! On Thu, May 23, 2002 at 05:30:01PM +0200, Thomas Föcking wrote:
You're right, but I didn't ask how to backup ;-) but how to secure the linux system against hackers, crackers and evil people (crackers included) in the world.
Of course it's a problem when the computer catches fire. But what should I do?
Someone hacking into your computer and typing "rm -rf /" has a similar effect to your machine catching fire. If he/she chooses to run "wipe" on some of the more important files before, you can be _sure_ that you won't be able to recover these data. The same is true if someone installs a trojan. If you don't have a clean backup of your data, you never know for sure what has been changed.
The computer will be hosted at a outsourced provider. I can't go there and say hello, may I do my weekly backup now :-)
The webpages and databases itself are already backuped localy, but the system itself is not. I could only make a CD copy of the whole system, so I can restore the original system and then copy the backup of the webpages and databases to the sytem.
This sounds reasonable to me. Mondo is quite easy to use for such purposes. Best regards, Albert
I wonder if some have setup a firewall with a Starband/Gilat2Home connection? My doubt comes because the stations have a windows based software called IPA, so I wanted to know if there are any considerations to follow. The local Gilat representatives are mostly Microsoft centric and newbie to Linux so are unhelpful....
I wonder if some have setup a firewall with a Starband/Gilat2Home connection? My doubt comes because the stations have a windows based software called IPA, so I wanted to know if there are any considerations to follow. The local Gilat representatives are mostly Microsoft centric and newbie to Linux so are unhelpful....
Quoting alengua <alengua@virtual-orbis.net>:
I wonder if some have setup a firewall with a Starband/Gilat2Home connection?
My doubt comes because the stations have a windows based software called IPA, so I wanted to know if there are any considerations to follow.
The local Gilat representatives are mostly Microsoft centric and newbie to Linux so are unhelpful....
Hi Alengua I flew to Israel late last year for a week to meet with Gilat as we were going to purchase one of their Earth Base stations. The answer is that the PCI card systems basically only work under windows as they use a special driver to break the TCP sessions up into a propriatory protocol that is NACK based rather that ACK based to better utilise the bandwith of a fixed speed/fixed latency link. If however you have one of the more expensive router devices, then you can happily run whatever OS you desire.. On the whole Gilat work very closely with Microsoft, and dont really aknowledge that other OS's exist which is a pity as they have some cool technology. (I was treated to a full tour of their facilities and test labs while in Tel Aviv) Cheers Nix@susesecurity.com
participants (5)
-
Albert Brandl -
alengua -
Markus Gaugusch -
Peter Nixon -
Thomas Föcking