[App_rpt-users] Server Security

Bryan St Clair bryan at k6cbr.us
Tue Sep 4 16:38:41 UTC 2018


A secure and unique password should be step 1.

For most who don't accept incoming connections on their home network
(meaning no opened ports on the router -- using NAT), you are very secure.

Still good practice to make a complex password and a different ssh port.

On Tue, Sep 4, 2018, 09:15 Mike <mm at midnighteng.com> wrote:

> While I don't have time to get into an in-depth discussion on this,
> I just want to raise awareness with those that read.
>
> From time to time I remind some folks about some security issues.
>
> It is normally said to anyone to change your ssh port in your first
> steps, and most will do that if they know how, but if you don't, please
> ask someone as it is important.
>
> The latest ASL package has a nice working firewall that can be enabled
> from a command line menu (asl-menu) and there is no excuse for not
> enabling this. But I encourage you to do it in the first steps of your
> install. You may need to re-run the scripts from the menu as your port
> usage changes, but it's still a simple thing to do, even if your command
> line skills are low. The dev team did well on this. It's easy!
>
> The reason I am encouraging you to do this in your first steps, within
> hours of your install is that I am seeing faster, much craftier
> hacks that do not do much more than watch as the server goes up and
> capture SSL data and/or passwords, but take no initial actions.
> Only to come back later and use that data. Really just have their way
> with it.
> Whole disk back-ups may not be effective in restoring because the
> sleeper software may be captured in the backup, so you may just be
> giving them an easy in the next time.
>
> Back-up your important conf files separately, no matter what other
> method you use.
>
> Marking the 'bad guys' by IP with repetitive rejected attempts is
> starting to fail for me on certain servers unrelated to ASL because they
> seem to have an unlimited supply of IPs they can use. They don't use the
> same IP often the same day, but hit the server twice a minute.
> (many hacked systems just become a launching point to hack others and
> use your IP).
>
> While I have not seen one of these attacks to any of my ASL servers, I
> know it's coming.
>
> I spent the weekend figuring this last one out.
> So I remind many of you to take action 'without delay' and do those
> basic things to at least slow the progress of hacks.
>
> 1 - change your ssh port
> 2 - Turn on your firewall and do not enable ports not used.
> 3 - do not use/enable FTP or the ports for it. SFTP is the only method
> you should be using.
> 4 - Back-up your important conf files/scripts separately, no matter what
> other method you use.
>
> That will at least slow/stop many amateurs that are working from a how2
> they found on the web. Often, when your system is compromised, it may
> continue to run as always while they just use it to hack other systems,
> so keeping an eye on your CPU/bandwidth usage to see when
> something is not normal is a great help.
>
> While doing 'loss prevention', I have been thinking about how to best
> defend our ASL servers going forward. Due to the nature of our
> international connections, I am thinking we just need to create and
> maintain a whitelist of IPs to the 'system IP Tables' as a whole, not
> asterisk only. It should be easy since the IP list is shared as it is,
> and we just need to add other outside services' IPs to that.
>
> But I'm still thinking on it. Perhaps this note will encourage others to
> think on it as well. These things always get worse, not better.
> I may write/experiment with this 'whitelist' idea this winter, but be
> aware, if you are not defending your system, you make it all the easier
> to hack others as well. Just because your system is running as intended
> does not mean it has not been compromised.
>
> 73,
> ...mike/kb8jnm
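The system-wide IP allowlist idea from the quoted message, as an added example that is not part of the original thread or of any ASL tooling: it validates a list of addresses and renders a default-drop ruleset in iptables-restore format. The one-entry-per-line input format, the sample addresses and the /24 breadth limit are assumptions.

```python
import ipaddress

# Constructed sample input using documentation address ranges, not real node data.
SAMPLE_ALLOWLIST = """\
192.0.2.10      # peer node
192.0.2.11      # second node at the same site
198.51.100.0/28 # outside service range
192.0.2.10      # duplicate entry
0.0.0.0/0       # would silently defeat the allowlist
not-an-ip
"""

MIN_PREFIX = 24  # assumption: refuse any entry broader than a /24

def parse_allowlist(text):
    """Return (sorted unique IPv4 networks, rejected entries)."""
    nets, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=True rejects networks with host bits set, e.g. 192.0.2.10/24
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            rejected.append(entry)
            continue
        # iptables handles IPv4 only; overly broad entries are refused
        if net.version != 4 or net.prefixlen < MIN_PREFIX:
            rejected.append(entry)
            continue
        nets.add(net)
    return sorted(nets), rejected

def build_ruleset(nets):
    """Render iptables-restore input: default-drop INPUT plus the allowlist."""
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    lines += [f"-A INPUT -s {net} -j ACCEPT" for net in nets]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    allowed, rejected = parse_allowlist(SAMPLE_ALLOWLIST)
    print(build_ruleset(allowed), end="")
```

The allowlist must include the address you administer the server from, because the default-drop policy applies to SSH as well. Check the generated file with `iptables-restore --test` and load it from a console session rather than over the connection it might cut.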

