On Tue, 4 Apr 2006 Valdis.Kletnieks@vt.edu wrote:
On Mon, 03 Apr 2006 23:16:40 +0200, Peter Dambier said:
Best is: You dont run anything that is not needed. If you run only a single application, your system is not worth the time it takes to hack it :)
For the benefit of people reading the archives in search of clue: There's a smiley on that, because Peter knows full well that the single biggest security problem on the Internet is boxes that are running one application, or end-user boxes, that aren't run in a secure manner because there's nothing of interest on the box.
though one application means a very simple host, firewall, audit: 1) its running smtp 2) its filtered to permit any -> tcp/25 tcp/25 -> any 3) its log auditor (offline on the log host of course) flags anything NOT smtp presume that smtpd is, of course, hardened and patched and looked-after properly... Sean is right, anything with an ip address is a target, perhaps not a focused target, but a target none-the-less. If it's on the internet take proper precautions.
If the box has an IP address, and an Internet connection, it's *always* of interest, if only as a zombie or a steppingstone box to launder a connection.
oh zombies... where would we be without thee?