Pantek Library

Re: security scenario

From: Frank Barton <pauling(at)starwolf.biz>
Date: Fri Jan 31 2003 - 21:39:43 EST

Personally, I'd even be inclined to say, No root logins over SSH.

Think security in depth. If remote root over SSH is enabled, all someone has to do is know the root password; said password could have been leaked earlier, or through other means. Now if remote root is disabled, the attacker has to know 2 passwords: 1 for an account that can su to root (limiting to a certain group is a Good Thing), and another to su to root.

Also, if the policy "No Remote Root Logins" is known to your admin staff, any attempts at a remote root login should immediately send up red flags, whether in the log files (which should be parsed every so often) or even by sending messages to certain terminals. I have myself noticed 2 attempts by failed remote root logins.

On Fri, Jan 31, 2003 at 04:38:56PM -0000, Trevor Cushen wrote:
> Every unix hardening guide for all platforms mentions limiting the root

-- 
Frank Barton
Starwolf.biz Systems Administrator

Received on Mon Feb 3 13:47:44 2003
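
Added example, not part of the message above or of the archive: one way to do the log parsing the message recommends, flagging every remote root login attempt under a "No Remote Root Logins" policy. The log lines are constructed samples in the syslog format OpenSSH's sshd writes; the function names and severity labels are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (hosts and addresses are documentation ranges,
# not real data), in the format sshd writes to the auth log.
SAMPLE_LOG = """\
Jan 31 21:02:11 gw sshd[812]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 31 21:02:15 gw sshd[812]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 31 21:03:40 gw sshd[830]: Failed password for invalid user rooter from 203.0.113.5 port 51301 ssh2
Jan 31 21:05:02 gw sshd[841]: ROOT LOGIN REFUSED FROM 198.51.100.7
Jan 31 21:09:27 gw sshd[850]: Accepted password for frank from 192.0.2.10 port 40112 ssh2
Jan 31 21:30:00 gw sshd[877]: Accepted publickey for root from 192.0.2.44 port 40500 ssh2
"""

# Each pattern captures the source address of one kind of root login event.
PATTERNS = [
    ("failed", re.compile(r"sshd\[\d+\]: Failed \S+ for root from (\S+)")),
    ("refused", re.compile(r"sshd\[\d+\]: ROOT LOGIN REFUSED FROM (\S+)")),
    ("accepted", re.compile(r"sshd\[\d+\]: Accepted \S+ for root from (\S+)")),
]

def scan_root_logins(log_text):
    """Return {source_ip: {"failed": n, "refused": n, "accepted": n}}."""
    hits = defaultdict(lambda: {"failed": 0, "refused": 0, "accepted": 0})
    for line in log_text.splitlines():
        for kind, pattern in PATTERNS:
            m = pattern.search(line)
            if m:
                hits[m.group(1)][kind] += 1
                break
    return dict(hits)

def alerts(hits):
    """Every hit is a red flag under the policy; a successful login is the worst."""
    out = []
    for ip, c in sorted(hits.items()):
        if c["accepted"]:
            out.append(("CRITICAL", ip, "root login succeeded; policy not enforced"))
        rejected = c["failed"] + c["refused"]
        if rejected:
            out.append(("WARNING", ip, f"{rejected} rejected root login attempt(s)"))
    return out

if __name__ == "__main__":
    for level, ip, msg in alerts(scan_root_logins(SAMPLE_LOG)):
        print(f"{level:8} {ip:15} {msg}")
```

Run against a real auth log by passing the file's contents to `scan_root_logins`; an `accepted` hit means root login over SSH is still permitted on that host.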

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:41 EDT
