[Gllug] [Fwd: SSH Security Advisory: Centos (and other distros)]
Hari Sekhon
hpsekhon at googlemail.com
Wed Jul 8 09:05:32 UTC 2009
James Hawtin wrote:
> On Wed, Jul 08, 2009 at 09:26:30AM +0100, Hari Sekhon wrote:
>
>> That was exactly my thought. You have a problem, so to fix it all you
>> have to do is go install some dodgy backdoored rpm from some site you
>> don't know...
>>
>
> I personally would recommend firewalling SSH to specified IP
> addresses/ranges for sensitive machines, as you never know when a day 0 will
> happen. Yes it just transfering risk somewhere else, but that somewhere is
> away from the things you care most about.
>
I do this as well, but for a system that may be used by remote workers
or customers from any random location this isn't always possible.
Worth doing for most systems if possible though. Or port knocking or
similar may be a better choice for the random src problem.
-h
--
Hari Sekhon
http://www.linkedin.com/in/harisekhon
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list