From: Chris Rees
Date: Sun, 28 Jun 2009 18:17:49 +0100
To: Polytropon
Cc: Jos Chrispijn, Jon Radel, Daniel Underwood, freebsd-questions@freebsd.org
Subject: Re: Best practices for securing SSH server

2009/6/28 Polytropon:
> On Sat, 27 Jun 2009 21:17:11 -0400, Daniel Underwood wrote:
>> Exactly. For example, the "server" in question is a desktop machine
>> at work. I regularly see transfer rates of 13MB/s. It's at a major
>> university, which is by itself another high-risk factor, precisely
>> because there are so many (often weakly protected) high-speed
>> connections.
>
> That's a valid point, and I'd like to add that there is some
> consideration: Servers are usually protected with proper means.
> This goes especially for UNIX servers. Desktops, on the other
> hand, can more easily be taken over (especially non-UNIX machines),
> so if an attacker got his foot inside a network, it's very
> useful to him. There are even trading platforms where criminals
> buy and sell whole networks of compromised PCs. Of course,
> everything happening inside such networks should be seen as
> what it is: a threat to security. Just imagine some "clever
> guy" uses telnet inside such a network to configure the
> server...

You mean like the default alternative to SSH for "Windows" boxes?
Gotta love their arrogance....

Chris

-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in a mailing list?