Security basics
Karl Larsen
k5di at zianet.com
Thu Oct 4 12:39:27 UTC 2007
Lamar Owen wrote:
> On Wednesday 03 October 2007, Karl Larsen wrote:
>
>> This whole line of reasoning is false. I don't care if Hacker, the
>> bad guy, gets on my computer with ssh. He then needs to come up with a
>> valid login name and password. If he fails at this in some set time it
>> all quits.
>>
>
>
>> Until you can convince me that my system is at risk from ssh when
>> using a real password I am going to sleep well.
>>
>
> Go to www.cert.org and search for "SSH vulnerability" and understand that,
> while those holes have been patched, there will be other holes found.
>
> Buffer overflows impact your security. SELinux does mitigate their impact to
> a degree, as long as it's enabled and set to enforcing; but in the specific
> case of ssh that won't help a great deal.
>
> To summarize the holes: over the years, remote execution vulnerabilities due
> to program bugs have been found and patched; the fact that there have been
> bugs of this nature found implies strongly that there are unpatched bugs in
> the code now that have not been discovered (or if they've been discovered,
> the knowledge hasn't been disseminated); holes must be assumed.
>
> Security is never absolute; and is best done in layers, and as a continuous
> process. I'm not going to say that I know everything there is to know about
> it; no one does. Nor am I going to say that my systems are invulnerable; no
> one's are (unless they're turned off and unplugged). But I have learned a few
> things in my several years' experience in the field; layered security is one
> of them.
>
> The degree of usability of a system and the degree of security of a system are
> inversely proportional.
>
Right this moment someone is trying to hack into THIS system. The
Internet traffic shows me this. I am growing tired of the ssh thing
since I'm a desktop user. This never needs ssh. I think I will turn it off.
--
Karl F. Larsen, AKA K5DI
Linux User #450462 http://counter.li.org.