On Thursday 27 July 2006 06:46, Cody Nelson wrote:
> Right now if someone got lucky and got into ssh they would automatically have access to my server. If I move it to vmware or find some way to chroot it, no ports have been opened, I only put in a layer.
> Or if I add WebVPN so you would have a ssl into my network. And I would have port 22 closed from the outside.

So you close 22 and open up ssl? How does that help? SSL is no more secure than ssh. Probably less so.

How do you envision someone "Getting Lucky"? If you don't allow password authentication via ssh and generate keys longer than 1024 they would have to use all your available bandwidth to brute force an attack, which is a self limiting situation, and one you would certainly detect since it will take several years with supercomputers.

Chroots are scoffed at. They are easily broken. Vmware is not that secure either. Certainly no more secure than the underlying OS.

Install SELinux, and stop ranting.

--
_____________________________________
John Andersen
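
An added example, not part of the original message: a small audit for the two settings the reply relies on, password authentication turned off in `sshd_config` and RSA keys longer than 1024 bits in `authorized_keys`. It goes slightly beyond the post by also flagging keyboard-interactive authentication, which can carry password prompts; the OpenSSH defaults, the function names and the sample data are assumptions made for this sketch.

```python
import base64
import struct
WEAK_RSA_BITS = 1024  # threshold from the post: keys should be longer than this
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Assumed OpenSSH behaviour when a keyword is absent: both methods are on.
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes"}
SAMPLE_CONFIG = "PasswordAuthentication no\n#KbdInteractiveAuthentication no\n"  # constructed

def password_logins_enabled(config_text):
    """Return password-style auth keywords still enabled in the global section."""
    seen = {}
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].replace("=", " ").split()
        key = words[0].lower() if words else ""   # keywords are case-insensitive
        if key == "match":
            break                         # Match blocks are not evaluated here
        key = ALIASES.get(key, key)
        if key in DEFAULTS and len(words) > 1:
            seen.setdefault(key, words[1].lower())  # sshd keeps the first value
    return sorted(k for k, d in DEFAULTS.items() if seen.get(k, d) != "no")

def rsa_bits(key_line):
    """Modulus size of an ssh-rsa authorized_keys line, or None for other types."""
    fields = key_line.split()
    if "ssh-rsa" not in fields:
        return None
    blob = base64.b64decode(fields[fields.index("ssh-rsa") + 1])
    parts = []
    while blob:                           # wire format: uint32 length + bytes
        (size,) = struct.unpack(">I", blob[:4])
        parts.append(blob[4:4 + size])
        blob = blob[4 + size:]
    return int.from_bytes(parts[2], "big").bit_length()  # type, e, n

def constructed_key(bits):
    """Constructed sample: valid ssh-rsa encoding, made-up modulus, not a real key."""
    pack = lambda b: struct.pack(">I", len(b)) + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    blob = pack(b"ssh-rsa") + pack(b"\x01\x00\x01") + pack(b"\x00" + n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + f" sample-{bits}"

def audit(config_text, key_lines):
    findings = [f"{k} enabled" for k in password_logins_enabled(config_text)]
    for line in key_lines:
        bits = rsa_bits(line)
        if bits is not None and bits <= WEAK_RSA_BITS:
            findings.append(f"{line.split()[-1]}: RSA {bits} bits")
    return findings
```

Calling `audit(SAMPLE_CONFIG, [constructed_key(1024), constructed_key(4096)])` reports the still-enabled keyboard-interactive method and the 1024-bit key, and nothing for the 4096-bit one.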