TIP: Click on subject to list as thread! ANSI
echo: rberrypi
to: CHRIS GREEN
from: ALISTER
date: 2018-01-05 08:58:00
subject: Re: screen resolution as
On Thu, 04 Jan 2018 19:11:16 +0000, Chris Green wrote:

> The Natural Philosopher  wrote:
>> On 04/01/18 11:47, Axel Berger wrote:
>> > Chris Green wrote:
>> >> What do you mean by 'external LAN interface'?
>> >
>> > Your router does connect you to the Internet, doesn't ist? External
>> > administration is so "convenient" and "comfortable" that it may be
>> > offered by default and if not your security need not be worth much.
>>
>> No. External administration is not offered by defaukt on a second hand
>> Cisco 527W
>>
>>
>> > On the other hand, getting at you that way will require knowledge and
>> > effort. I expect you to be safe just because nobody as qualified
>> > would consider it worth his time to look at your PI experiments. Now,
>> > if you hosted a sizeable customer database there of ran a political
>> > website ...
>> >
>> >
>> Even there, its surprsinsing how resileinet one can be. I do run a very
>> public websitre
>>
>> Have a look at what was happening in October...
>>
>> ...a massive increase in traffic TO the server...
>>
>> Till I got bored with the huge logs and firwalled out the fruitless
>> attempts to log in as root with every possible password.
>>
>> Hint to hackers. Root login is in any case disallowed. Even with the
>> roopt password.
>>
>> My point is that even with a relatively high profile and exposed
>> machine that has sshd enabled to all comers, they couldnt hack the
>> thing in a month of trying.
>>
>> Whereas I know of people with varoius 'web tools' like joomla who were
>> hacked every few DAYS
>>
> Yes, it's amazing how many hits an open ssh port gets!  :-)
>
> I have mine set up to only allow connections from two outside sites
> where I have ssh login accounts.  Thus I connect from 'somewhere' to one
> of these two accounts and then from there to my home system.

I would only allow SSH access from the outside using DSH/RSH key
authentication, possibly even changing the port even though that should
not be considered a security measure in its own right.

personally I prefer to have a VPN tunnel into my network again protected
by key/certificate rather than password.




--
'It's time to-'
'Prod buttock, sir?' said Carrot, hurriedly.
'Close,' said Vimes, taking a deep drag and blowing out a smoke ring,
'but no cigar.'
(Feet of Clay)

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)
SOURCE: echomail via QWK@docsplace.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.