Security Basics mailing list archives
Re: security scenario
From: Frank Barton <pauling () starwolf biz>
Date: Fri, 31 Jan 2003 21:39:43 -0500
Personally, I'd even be inclined to say, No root logins over SSH. Think security in depth. If remote root over SSH is enabled, all someone has to do is know the root password, and said password could have been leaked earlier, or through other means. Now if remote root is disabled, the attacker has to know 2 passwords, 1 for an account that can su to root (limiting to a certain group is a Good Thing), and another to su to root. Also, if the policy "No Remote Root Logins" is known to your admin staff, any attempts at a remote root login should immediately send up red flags, whether in the log files (which should be parsed every so often) or even by sending messages to certain terminals. I have myself noticed 2 attempts by failed remote root logins.

On Fri, Jan 31, 2003 at 04:38:56PM -0000, Trevor Cushen wrote:
> Every unix hardening guide for all platforms mentions limiting the root access to console only, done via various methods based on the unix in question, /etc/default settings etc. Encrypting the root partition I wouldn't believe is an option, as it would slow the machine a lot if the unix in question even allowed it, and also it would fail the boot up in any unix system I have worked on.
>
> The best way is to have a strong password for root access, and that access is via the machine console ONLY. Then impose good physical security for the machine along with the policy of logging out of the machine when not in use or unattended. All remote access to root should be via 'su' and over a secure method such as SSH.
>
> Trevor Cushen
> Sysnet Ltd
> www.sysnet.ie
> Tel: +353 1 2983000
> Fax: +353 1 2960499
>
> -----Original Message-----
> From: pasi.kivikangas () nokia com [mailto:pasi.kivikangas () nokia com]
> Sent: 30 January 2003 07:34
> To: theog () theog org; security-basics () securityfocus com
> Subject: RE: security scenario
>
> Would it be any help if the root partition (and why not other partitions as well) is encrypted? Ok, in that case the server must not re-boot.
>
> - Pasi
>
> From: ext theog [mailto:theog () theog org]
>
> I agree, in my opinion, if someone got to the machine's keyboard, be it physically or via a remote console device, he can do virtually anything. In fact, the simplest thing to do (if I wanted to change the root for a machine I don't have the password for) is to boot with a linux cd, mount the root partition, then do chroot, and passwd, so ..... no point is having a
--
Frank Barton
Starwolf.biz
Systems Administrator
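The two controls this thread keeps coming back to are turning off remote root login in sshd and watching the logs for any attempt at one. As an added example, not code from anyone in this thread, the script below reads the PermitRootLogin directive out of an sshd_config text (weak and hardened fragments side by side) and scans auth-log lines for root logins over SSH and for su-to-root events, so that a root attempt over SSH can be raised as the policy violation Frank describes while the expected su path is kept for correlation. The log lines, host name, addresses and user names are constructed samples; the line formats assumed are the classic OpenSSH "Failed/Accepted ... for root from ..." and util-linux su "(to root) user on tty" formats.

```python
"""Audit sshd_config and auth-log lines against a 'no remote root login' policy.

Added illustration, not code from the original thread. The log lines, host
name, IP addresses (RFC 5737 documentation ranges) and user names below are
constructed samples.
"""
import re
from collections import Counter

# Constructed sample auth log in classic syslog/OpenSSH/su format.
SAMPLE_AUTH_LOG = """\
Jan 31 21:12:03 host sshd[4021]: Failed password for root from 192.0.2.10 port 51234 ssh2
Jan 31 21:12:09 host sshd[4021]: Failed password for root from 192.0.2.10 port 51234 ssh2
Jan 31 21:15:44 host sshd[4055]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Jan 31 21:16:01 host su[4060]: (to root) alice on /dev/pts/1
Jan 31 21:20:17 host sshd[4101]: Failed password for invalid user admin from 192.0.2.11 port 55555 ssh2
Jan 31 21:22:30 host sshd[4120]: Accepted password for root from 203.0.113.5 port 60001 ssh2
"""

# Constructed sshd_config fragments: the weak setting beside the corrected one.
WEAK_SSHD_CONFIG = "Port 22\nPermitRootLogin yes\n"
HARDENED_SSHD_CONFIG = "Port 22\nPermitRootLogin no\nAllowGroups sshusers\n"

SSH_ROOT_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) (?P<method>\S+) for root "
    r"from (?P<src>\S+) port \d+"
)
SU_ROOT_RE = re.compile(r"su\[\d+\]: \(to root\) (?P<user>\S+) on (?P<tty>\S+)")
PERMIT_ROOT_RE = re.compile(r"^[ \t]*PermitRootLogin[ \t]+(\S+)", re.IGNORECASE | re.MULTILINE)


def permit_root_login(config_text):
    """Return the configured PermitRootLogin value, or None if the directive is absent.

    sshd honours the first occurrence of a directive, so the first match wins.
    An absent directive means the daemon's compiled-in default applies, which
    on older releases was 'yes', so callers should not treat None as safe.
    """
    m = PERMIT_ROOT_RE.search(config_text)
    return m.group(1).lower() if m else None


def root_login_policy_ok(config_text):
    """True only when remote root login is explicitly disabled."""
    return permit_root_login(config_text) == "no"


def audit_auth_log(lines):
    """Collect every remote root login attempt and every su-to-root event.

    Under a 'no remote root' policy any sshd line naming root, failed or
    accepted, is worth alerting on; an accepted one means the control is not
    actually in place. su events are the expected path and are kept so the
    reviewer can see who became root and from which tty.
    """
    ssh_root = []
    su_root = []
    for line in lines:
        m = SSH_ROOT_RE.search(line)
        if m:
            ssh_root.append({"outcome": m["outcome"], "method": m["method"], "src": m["src"]})
            continue
        m = SU_ROOT_RE.search(line)
        if m:
            su_root.append({"user": m["user"], "tty": m["tty"]})
    failed_by_src = Counter(e["src"] for e in ssh_root if e["outcome"] == "Failed")
    accepted_root = [e for e in ssh_root if e["outcome"] == "Accepted"]
    return {
        "ssh_root_attempts": ssh_root,
        "failed_by_src": failed_by_src,
        "accepted_root": accepted_root,
        "su_to_root": su_root,
    }


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(f"{name}: PermitRootLogin={permit_root_login(cfg)} ok={root_login_policy_ok(cfg)}")
    report = audit_auth_log(SAMPLE_AUTH_LOG.splitlines())
    for src, n in report["failed_by_src"].items():
        print(f"ALERT: {n} failed root logins over SSH from {src}")
    for e in report["accepted_root"]:
        print(f"ALERT: root logged in over SSH from {e['src']} via {e['method']}")
    for e in report["su_to_root"]:
        print(f"info: {e['user']} became root via su on {e['tty']}")
```

Run as-is it reports the two failed root attempts from one address, the one accepted root login (which on a host that claims PermitRootLogin no should never appear), and alice's su. The same `audit_auth_log` can be fed a live `tail` of the auth log or a periodic batch read, which is the "parsed every so often" part of the policy.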