Davrom Consulting Pty Ltd

Established Since 2001
PO Box 1644, Sunnybank Hills, Qld, 4109
ABN: 81 096 990 804


Site Time: 28 March 2024 - 12:31




Back to Newsletters

KEYWORDS=securing, remote, access, ssh, 22, vpn, pptp, spamassassin, DAVROM CONSULTING Newsletter - Issue # 33 - Dated: Wed Aug 23 10:35:24 EST 2006


From the desk of David Clark
Ok, who turned up the spam volume? - yes the war against spam goes on and
lately it seems to have increased. It is interesting to note that of the
domains we directly block for e-mail (don't even let them talk to us via
e-mail) those bogus domains starting with the letter "g" seem to be 10
times of those that start with 0-9, a-z.

Of late we have been replacing tape drives, Samba, IPSec tunnels for
branches, implementing anti-Spam features (SpamAssassin mainly) and working
with Cyberguard SnapGear solutions.

I would like to thank the reader for their time in reading this newsletter.

David.M.Clark


UNIX Quote
UNIX/Linux solutions - why pay heaps more and settle for less.


Securing remote access
A good username and password combination is still the best defence
against being hacked or identity misuse on the Internet and yet
surprisingly people still use usernames and passwords like "john" and
"john", whereas something like "john2006" and "y0u_w0nt_gu3ss" is a better
choice.

Most Internet gateways work well but we have found the SnapGear to be the
best for all our customer Internet needs. They provide a simple to use
setup but have great security and as they are not an operating system as
such (they are an OS on a chip), they can't get hacked like a standard
Linux/UNIX system.

This being said, if you have a port forward such as port 22 (for ssh) open
to an internal server, you might consider some further counter-measures to
protect that particular type of access to the particular server. I have
still seen hackers break into systems via port 22 (ssh) which has nothing
to do with the firewall, it is a loose security setup behind the firewall
that lets sites be compromised. This can happen regardless of the
firewall/gateway you use and I have worked with this first-hand with an
old el-cheapo firewall being used for Internet security.

In the case of port 22 (ssh) access a SnapGear, for instance, allows you to
easily change the incoming port for ssh to something other than port 22
which straight away kills off 99.9% of the hacker attempts and if you are
using ssh into a Linux or UNIX server, why not lock down ssh access on
the Linux/UNIX end as well. We use ssh to access sites but we also have a
rule on the Linux server to tell ssh to only trust our server - hacker
proofed.

Another main type of access is via port 23 (telnet) and is the most open of
all and is the hackers first port of choice due to it having no security
features other than your username and password. We don't recommend leaving
telnet open anywhere but if you really need to, change the incoming port as
stated in the previous paragraph to help reduce the risk of unwanted
access.

If you have remote branches and need to access servers/PCs/printers at
either end, the best security of all is a secure IPSec tunnel which will
allow a secure, traffic encrypted link between two or more branches without
needing to open up external ports on firewall. There is no fear then of
using standard telnet (port 23) between branches in this scenario. This
tunnel works over your existing ISP connection so there is no additional
cost unless you are looking at shipping vast amounts of data between the
two ends (such as server to server data backup) - some ISPs may be able
to offer some kind of deal if you are looking at site-to-site backups.

Most users who are either mobile or want to access their workplace from
home can do so using the standard PPtP (Point to Point Tunneling
Protocol) technologies for their respective operating system. You can use
the SourceForge PPtP-Client software for Linux if you have Linux on your
PC/Laptop, MS VPN Client (under Windows XP this is "Connect to the
network at my workplace" option) if you are using Microsoft Windows
and PiePants or digiTunnel for Macs. When using these clients it is
paramount you choose a good username and password for the VPN access.
Here again, SnapGears have a built-in PPtP server and client facility and
make remote access a breeze.


Some points to note

At the last SCO City to City 2006 seminar here in Brisbane we were
treated to a day of product announcements and initial setup training on
OpenServer 6. SCO have some new and innovative products coming out and
this one is sure worth a look if you want to keep customers/employees
updated with your current news - Me Inc.:

http://www.edgeclickpark.com/mobility/main.html


You have seem me write so much about SnapGears, why not visit their
website and check out their range of Internet based products:

http://www.securecomputing.com


From the Trenches
Some comic relief from the support days gone by.

Some years ago I had carefully modified our company server's /etc/profile
file which affects all user logins to the system. Happily completing my
changes I saved what I had done from within my text editor session (vi, yes
vi) and tested the login process - it worked just fine.

When I re-logged in - it didn't work.

Puzzled, I went back into the /etc/profile only to my horror to find that
my changes were gone. Again I typed in the text, saved the contents and
tested it at which my first login worked just fine.

When I re-logged in - it didn't work again and my changes were gone.

It was at this point a colleague looked across the desk and said, "Are you
changing the /etc/profile file?" to which I responded I was. We both
laughed as we realised that we were both doing the same thing to each
other, overwriting each others "version" of the /etc/profile file.

What was that expression about too many chefs?


Tech Tip

So what has changed in the last x days? Have you ever wanted to find
files or directories that were modified in the last x amount of days?
The following command will help you find files modified in the last 7
days:

find / -type f -mtime -7 -print

If you are not the root user then get rid of the error messages with:

find / -type f -mtime -7 -print 2>/dev/null

On the flip-side, if you wanted to find files older than 365 days you
would type:

find / -type f -mtime +365 -print

and if you are not the root user:

find / -type f -mtime +365 -print 2>/dev/null

To find directories modified in the last 7 days:

find / -type d -mtime -7 -print

and to find everything regardless:

find / -mtime -7 -print

Note the use of the "+" to show beyond the specified days and the "-" to
show within the specified days.

"find" is your best friend when it comes to finding things in UNIX/Linux.
You can also look at the "locate" command but "find" is still my all time
favourite.


Back to Newsletters



Website design by Davrom Consulting Pty Ltd
This site is fully tested with Google Chrome and Firefox web bowsers

Home Page | Support | Misc | David's Pages | Podcasts | Contact Us | Blog