On Mon, Apr 23, 2007 at 01:23:00AM -0700, Paul Johnson wrote:
> Douglas Allan Tutty wrote in Article <[EMAIL PROTECTED]> posted
> to gmane.linux.debian.user:
>
> > If I have two boxes, with two users, linked by ethernet and one box is
> > on dial-up to the ISP, with nothing listening on external ports except
> > the ntp daemon, what is a reasonable stance on security?
>
> Probably, yes.

??

> > Given that anyone who breaks into the house will have physical access to
> > the consoles anyway, do I need a whiz-bang long root password, strong
> > passwords on the regular users, and all the other hypervigilance?
>
> Yes. It's not necessarily what's on the machine, but how its resources can
> be abused. Most spam is sent from compromised systems of various types.

But how does a strong password protect against a physical attack on the
computer? If I find there's been a break-in at my home, I'll assume that
they got into the computer.

> > If ssh isn't even listening on external interfaces, does it matter if I
> > allow root to ssh (useful for rsyncing backups between the boxes)?
>
> I would recommend against allowing root ssh just in case. It's not that
> hard to sudo anyway.

But then how do I rsync the backups? For example, if I make it so that
group adm can read everything, and I'm in group adm, should I just rsync it
with my user name? OTOH, doesn't having group adm able to read the backups
cause a decrease in security? If someone then gets adm access, they can
read everything in the backups.

I'm not arguing against good security practices, I'm arguing against a
blanket knee-jerk response that may not add anything given a home setup.

Doug.