[asterisk-users] Securing Asterisk and your network

Jay R. Ashworth jra at baylink.com
Thu Jun 12 08:53:53 CDT 2008


On Thu, Jun 12, 2008 at 08:41:18AM -0500, Lyle Giese wrote:
>    Most recent hacks that I have first or second hand knowledge of
>    came from ssh issues. Most inexperienced admins will expose ssh
>    without using the 'allowgroups' option in their sshd_config and
>    will get hacked by someone logging in via ssh using a system
>    account with no password. The second thing to do with ssh is to
>    move it to another port to keep the script kiddies from pounding on
>    it. If there is a weak or missing password, they will find it.


This is true, and I'd forgotten to mention it.

Update your machine regularly, and always take security updates, even
if they cause breakage you have to chase down.

Additionally, you should install a brute-force-attack blocker:

http://www.la-samhna.de/library/brutessh.html

I like the tcp_wrappers version, but whatever suits you.

>    An encrypted USB thumbdrive is also a good storage device for
>    passwords. I use TrueCrypt and have the executable available
>    unencrypted on the thumbdrive so I could plug it into almost any
>    machine and get to the encrypted data.

Though note that all currently extant hardware-secured thumbdrives are
snake oil.

I recommend Bruce Schneier's Password Safe (and not any of the other,
similarly named programs) if you feel the need to store a lot of
authentication credentials.  Or get a BlackBerry and use theirs.

Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Joseph Stalin)
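
Added example, not part of the original post: a small offline audit of sshd_config text for the three points raised in this thread (no AllowGroups, ssh left on port 22, empty passwords permitted). The sample configs, the group name and the finding codes are constructed for illustration; only the global section is read, and Include files are not followed.

```python
import re

# Constructed sample configs (not taken from any real host).
WEAK = """\
# default-looking config
Port 22
PermitEmptyPasswords yes
"""
HARDENED = """\
Port 2222
AllowGroups sshusers
PermitEmptyPasswords no
Match Group sftponly
    X11Forwarding no
"""

def parse_global(text):
    """Map lowercased keyword -> list of argument strings, global section only."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)\s*=?\s*(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":          # conditional overrides start here; stop
            break
        opts.setdefault(key, []).append(value)
    return opts

def audit(text):
    """Return finding codes for the three points raised in the thread."""
    opts = parse_global(text)
    findings = []
    if not opts.get("allowgroups"):
        findings.append("allowgroups-missing")   # no group restriction on ssh logins
    ports = opts.get("port", ["22"])             # sshd listens on 22 when unset
    if "22" in ports:
        findings.append("port-22")
    # sshd uses the first value it sees for this keyword; the default is "no"
    if opts.get("permitemptypasswords", ["no"])[0].lower() == "yes":
        findings.append("empty-passwords")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```

On a live host, `sshd -T` prints the effective configuration and is the better input for this kind of check.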


