From owner-freebsd-questions@FreeBSD.ORG Sun Jun 28 05:03:58 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 74B77106564A for ; Sun, 28 Jun 2009 05:03:58 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14]) by mx1.freebsd.org (Postfix) with ESMTP id 2D6958FC15 for ; Sun, 28 Jun 2009 05:03:58 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r55.edvax.de (port-92-195-8-131.dynamic.qsc.de [92.195.8.131]) by mx02.qsc.de (Postfix) with ESMTP id 2E91F16C0242; Sun, 28 Jun 2009 07:03:55 +0200 (CEST) Received: from r55.edvax.de (localhost [127.0.0.1]) by r55.edvax.de (8.14.2/8.14.2) with SMTP id n5S53mZB001487; Sun, 28 Jun 2009 07:03:49 +0200 (CEST) (envelope-from freebsd@edvax.de) Date: Sun, 28 Jun 2009 07:03:48 +0200 From: Polytropon To: Daniel Underwood Message-Id: <20090628070348.8a07299b.freebsd@edvax.de> In-Reply-To: References: <4A4639B0.8080602@webrz.net> <4A467089.1040404@radel.com> Organization: EDVAX X-Mailer: Sylpheed 2.4.7 (GTK+ 2.12.1; i386-portbld-freebsd7.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: Jos Chrispijn , freebsd-questions@freebsd.org, Jon Radel Subject: Re: Best practices for securing SSH server X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Polytropon List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Jun 2009 05:03:58 -0000 On Sat, 27 Jun 2009 21:17:11 -0400, Daniel Underwood wrote: > Exactly. For example, the "server" in question is a desktop machine > at work. I regularly see transfer rates of 13MB/s. It's at a major > university, which is by itself another high-risk factor, precisely > because there are so many (often weakly protected) high-speed > connections. That's a valid point, and I'd like to add that there is some consideration: Servers are usually protected with proper means. This goes especially for UNIX servers. Desktops, on the other hand, can more easily be taken over (especially non-UNIX machines), so if an attacker got his foot inside a network, it's very useful to him. There are even trading platforms where criminals buy and sell whole networks of compromised PCs. Of course, everything happening inside such networks should be seen as what it is: a threat to security. Just imagine some "clever guy" uses telnet inside such a network to configure the server... -- Polytropon >From Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...