[App_rpt-users] Security was Re: What is the "debian" user in the DIAL distro?
Steve Zingman
szingman at msgstor.com
Thu Jun 8 13:29:33 UTC 2017
Updated images will use Shorewall to "frontend" iptables.

On 6/8/2017 9:27 AM, Bryan D. Boyle wrote:
> you beat me to it.
>
> thanks!
> --
> Bryan
> Sent from my iPhone 6S...No electrons were harmed in the sending of
> this message.
>
>
>
> On Jun 8, 2017, at 08:26, Jeremy Utley <jerutley at gmail.com
> <mailto:jerutley at gmail.com>> wrote:
>
>> UFW is really just a front-end for iptables. You give instructions
>> to UFW, it does the correct IPTables lines to make it happen.
>> Firewalld on CentOS 7 is the same way. Any network firewalling tool
>> on Linux is going to be IPTables under the hood.
>>
>> Jeremy, NQ0M
>>
>> *From:* App_rpt-users
>> [mailto:app_rpt-users-bounces at lists.allstarlink.org] *On Behalf Of
>> *Loren Tedford
>> *Sent:* Thursday, June 8, 2017 3:13 AM
>> *To:* Users of Asterisk app_rpt <app_rpt-users at lists.allstarlink.org
>> <mailto:app_rpt-users at lists.allstarlink.org>>
>> *Subject:* Re: [App_rpt-users] Security was Re: What is the "debian"
>> user in the DIAL distro?
>>
>> Bryan, what about the use of UFW? I have been using ufw in place of
>> iptables; started that about 4 years ago. Is there a known risk from
>> ufw rather than iptables? I thought they had similar characteristics.
>>
>>
>> Loren Tedford (KC9ZHV)
>>
>> Phone:618-553-0806
>>
>> Fax: 1-618-551-2755
>> Email: lorentedford at gmail.com <mailto:lorentedford at gmail.com>
>>
>> Email: KC9ZHV at KC9ZHV.com <mailto:KC9ZHV at KC9ZHV.com>
>>
>> http://www.lorentedford.com <http://www.lorentedford.com/>
>>
>> http://www.kc9zhv.com <http://www.kc9zhv.com/>
>>
>> http://forum.kc9zhv.com <http://forum.kc9zhv.com/>
>>
>> http://hub.kc9zhv.com <http://hub.kc9zhv.com/>
>>
>> http://Ltcraft.net <http://ltcraft.net/>
>>
>> http://voipham.com
>>
>> On Wed, Jun 7, 2017 at 8:55 PM, Bryan D. Boyle <bdboyle at bdboyle.com
>> <mailto:bdboyle at bdboyle.com>> wrote:
>>
>> Based on tests that the security research arm of my company has
>> run (well-known IT company that's been around for over a
>> century...), the elapsed time that a system exposed to the
>> network is discovered, probed, and if well-known vulnerable ports
>> are detailed (and the scum or nation states who do this keep
>> records), then attempted to be pwned is somewhere between a
>> minute to a half hour.
>>
>> Just for giggles, I spun up a Pi with a SIP server enabled
>> connected to a second port on my router and started a tail -f on
>> the messages file and grepped for the SIP daemon. Routed the SIP
>> port on my external router to the Pi, and sat back. (There was no
>> route from the Pi to my internal network.)
>>
>> 3 minutes till the first probe. 15 till the attempted pwning.
>> SIP was the only inbound port opened. I just watched...and went
>> on for an hour (no, they didn't take over the system, only ate up
>> bandwidth, of which I am pretty ok with being on FTTH). It's all
>> automated. Don't even need human intervention for the probe,
>> just to select the attack vectors when the automated system pops
>> a live port selection.
>>
>> Default SSH is NO guarantee. Allowing root access from an
>> interactive login from the net port deserves to be punished.
>> Bogus user passwords that are guessable should be cause for your
>> isp to turn off your connection. Moving to a different port is
>> just attempted security through obscurity. Open ports from the
>> outside inbound that allow anyone on the network to connect will
>> be probed and attempts (DoS, null sled, buffer overruns, etc) to
>> subvert your system as a c&c node, bitcoin miner, email spam
>> relay, porn repository, or whathaveyou is the goal.
>>
>> After doing this since 1988 or so, it's only the frequency that
>> it happens that's changing, not that it's happening.
>>
>> fail2ban is a good stopgap measure for ports that you positively
>> HAVE to have exposed. Router firewall enabled and locked down?
>> Good. iptables set up properly? Passwords NOT based on
>> dictionary words or used for your other online activities? Yeah,
>> it's a pain. The alternative is your system being taken over and
>> used for other purposes while you sleep.
>>
>> Lots more you can do. The basic mantra you should have is: "That
>> which is not expressly permitted is prohibited".
>> --
>>
>> Bryan CISSP/CEH/CISM
>>
>> Sent from my iPhone 6S...No electrons were harmed in the sending
>> of this message.
>>
>>
>> _______________________________________________
>> App_rpt-users mailing list
>> App_rpt-users at lists.allstarlink.org
>> <mailto:App_rpt-users at lists.allstarlink.org>
>> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
>>
>> To unsubscribe from this list please visit
>> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
>> and scroll down to the bottom of the page. Enter your email
>> address and press the "Unsubscribe or edit options button"
>> You do not need a password to unsubscribe, you can do it via
>> email confirmation. If you have trouble unsubscribing, please
>> send a message to the list detailing the problem.
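Added example, not part of the thread or written by any of its participants: since UFW, firewalld and Shorewall all end up as iptables rules, the mantra "that which is not expressly permitted is prohibited" can be checked against `iptables-save` output whichever front end wrote it. The ruleset, ports and function names below are constructed for illustration.

```shell
# Constructed sample in iptables-save format (not taken from the thread).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# "yes" if INPUT denies by default: chain policy DROP, or a final
# unconditional DROP/REJECT rule (policy ACCEPT plus catch-all reject).
# A final jump to a user chain that drops is not followed and reads "no".
input_default_deny() {
    awk '
    /^\*/ { t = substr($0, 2) }
    t != "filter" { next }
    $1 == ":INPUT" { policy = $2 }
    $1 == "-A" && $2 == "INPUT" { last = $0 }
    END {
        deny = (policy == "DROP" || last ~ /^-A INPUT -j (DROP|REJECT)( |$)/)
        print (deny ? "yes" : "no")
    }'
}

# proto/port of every ACCEPT rule with a destination port and no source
# restriction (-s) in any filter chain except OUTPUT and FORWARD.
ports_open_to_any() {
    awk '
    /^\*/ { t = substr($0, 2) }
    t != "filter" || $1 != "-A" || $2 == "OUTPUT" || $2 == "FORWARD" { next }
    {
        proto = port = ""; src = accept = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport" || $i == "--dports") port = $(i + 1)
            if ($i == "-s") src = 1
            if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        if (accept && port != "" && !src) print proto "/" port
    }'
}
echo "INPUT default deny: $(sample_rules | input_default_deny)"
sample_rules | ports_open_to_any
```

On a live host, pipe the output of `iptables-save` (run as root) into the two functions in place of `sample_rules`; every port the second function lists is one that should be there on purpose.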