DAVROM CONSULTING Newsletter - Issue # 33 - Dated: Wed Aug 23 10:35:24 EST 2006
From the desk of David Clark

Ok, who turned up the spam volume? Yes, the war against spam goes on, and lately it seems to have intensified. It is interesting to note that, of the domains we block outright for e-mail (we don't even let them talk to us), the bogus domains starting with the letter "g" seem to outnumber those starting with any other character, 0-9 or a-z, by about ten to one.

Of late we have been replacing tape drives, setting up Samba and IPSec tunnels for branches, implementing anti-spam features (SpamAssassin mainly) and working with CyberGuard SnapGear solutions.

I would like to thank the reader for their time in reading this newsletter.

David M. Clark

UNIX Quote
UNIX/Linux solutions - why pay heaps more and settle for less.

Securing remote access

A good username and password combination is still the first line of defence against being hacked or having your identity misused on the Internet, yet surprisingly people still use combinations like "john" and "john". Something like "john2006" and "y0u_w0nt_gu3ss" is a better choice, though bear in mind that password-guessing tools try the common letter-for-digit substitutions as well, so length and unpredictability count for more than clever spelling.

Most Internet gateways work well, but we have found the SnapGear to be the best fit for all our customers' Internet needs. They are simple to set up yet provide strong security, and because they run a fixed firmware image rather than a general-purpose operating system, there is far less on them for an attacker to get hold of than on a standard Linux/UNIX server (which is not the same as saying they can never be hacked). This being said, if you have a port forward such as port 22 (ssh) open to an internal server, consider some further counter-measures to protect that particular type of access to that particular server. I have still seen hackers break into systems via port 22 (ssh), and that has nothing to do with the firewall: it is a loose security setup behind the firewall that lets sites be compromised.
This can happen regardless of the firewall/gateway you use, and I have seen it first-hand with an old el-cheapo firewall being used for Internet security. In the case of port 22 (ssh) access, a SnapGear, for instance, lets you easily change the incoming port for ssh to something other than 22, which straight away cuts off the bulk of the automated probing; treat that as noise reduction rather than a control, though, because a port scan finds the new port in seconds. If you are using ssh into a Linux or UNIX server, lock down ssh on the Linux/UNIX end as well. We use ssh to access sites, but we also have a rule on the Linux server telling ssh to trust only our server - hacker-proofed, in the sense that a stranger is refused before he even gets to try a password.

Another main type of access is via port 23 (telnet), the most open of all and the hacker's first port of choice: it has no security features beyond your username and password, and it sends both across the Internet in clear text, so anyone able to watch the traffic learns them. We don't recommend leaving telnet open anywhere (ssh does the same job encrypted), but if you really must, change the incoming port as described in the previous paragraph to reduce the volume of unwanted attempts.

If you have remote branches and need to access servers/PCs/printers at either end, the best security of all is an IPSec tunnel, which gives you an encrypted link between two or more branches without opening any external ports on the firewall. Plain telnet (port 23) between branches is then safe on the Internet leg, because everything inside the tunnel is encrypted between the two gateways; it is still clear text on the LAN at each end, so the usual rules apply there. The tunnel runs over your existing ISP connection, so there is no additional cost unless you are shipping vast amounts of data between the two ends (such as server-to-server backup); some ISPs may be able to offer a deal if you are looking at site-to-site backups.

Most users who are either mobile or want to access their workplace from home can do so using the standard PPtP (Point-to-Point Tunneling Protocol) client for their operating system.
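Before moving on to the VPN clients, here is the ssh lock-down made concrete. This is an added example, not from the newsletter or from SnapGear: a small script that audits an sshd_config for the points discussed above - a non-default port, no direct root login, no password authentication, and an AllowUsers line naming the one trusted user and host, which is one way of expressing "only trust our server" inside sshd itself (a firewall rule or TCP wrappers on the server being the other). The two sample configurations are constructed for the example, "support@203.0.113.10" uses a documentation address, and the defaults assumed for missing keywords (port 22, root login and passwords permitted) are those of OpenSSH releases of the time.

```shell
#!/bin/sh
# Added example (not from the newsletter): audit an sshd_config for the
# lock-down points in the text. Reads only the file it is given; it never
# touches a running daemon.

# Effective value of a keyword: comment lines skipped, keyword matched
# case-insensitively, first occurrence wins (OpenSSH's own rule). Prints
# nothing if the keyword is absent so the caller can apply the default.
sshd_opt() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == key       { print tolower($2); exit }
    ' "$1"
}

# One line per finding on stdout. Defaults applied for missing keywords are
# assumed to be those of older OpenSSH releases (22 / yes / yes).
audit_sshd_config() {
    cfg="$1"
    port=$(sshd_opt "$cfg" Port);                   : "${port:=22}"
    root=$(sshd_opt "$cfg" PermitRootLogin);        : "${root:=yes}"
    pass=$(sshd_opt "$cfg" PasswordAuthentication); : "${pass:=yes}"
    users=$(sshd_opt "$cfg" AllowUsers)

    [ "$port" != 22 ] || echo "Port 22: default port, expect constant scanner noise (moving it is cosmetic, not a control)"
    [ "$root" = no ]  || echo "PermitRootLogin $root: root can be attacked directly; set it to no and use su/sudo"
    [ "$pass" = no ]  || echo "PasswordAuthentication $pass: password guessing works; use keys and set it to no"
    [ -n "$users" ]   || echo "AllowUsers unset: any account may attempt a login; restrict to user@trusted-host"
}

# Number of findings, always printed as a plain integer.
sshd_weak_count() {
    audit_sshd_config "$1" | awk 'END { print NR }'
}

# Constructed samples: a server left at its defaults behind a port forward,
# and the same server locked down as the text describes.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/weak.conf" <<'EOF'
# sshd_config as shipped
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF

cat > "$SAMPLE_DIR/hardened.conf" <<'EOF'
# sshd_config locked down; 203.0.113.10 stands in for the support host
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers support@203.0.113.10
EOF

for f in weak hardened; do
    echo "== $f.conf: $(sshd_weak_count "$SAMPLE_DIR/$f.conf") finding(s)"
    audit_sshd_config "$SAMPLE_DIR/$f.conf"
done
```

Point it at a real file with `audit_sshd_config /etc/ssh/sshd_config`; a server that prints nothing has the four basics covered. The AllowUsers check only tests that the keyword is present, so do still read the line and make sure it names a host as well as a user.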
You can use the SourceForge PPTP-Client software for Linux if you have Linux on your PC/laptop, the Microsoft VPN client (under Windows XP this is the "Connect to the network at my workplace" option) if you are using Windows, and PiePants or DigiTunnel for Macs. When using these clients it is paramount you choose a good username and password for the VPN access: with PPtP the password is what the whole tunnel's security rests on, and someone who captures the login exchange can try dictionary guesses against it offline, so a weak one will not last. Here again, SnapGears have a built-in PPtP server and client facility and make remote access a breeze.

Some points to note

At the last SCO City to City 2006 seminar here in Brisbane we were treated to a day of product announcements and initial setup training on OpenServer 6. SCO have some new and innovative products coming out, and this one is well worth a look if you want to keep customers/employees updated with your current news - Me Inc.: http://www.edgeclickpark.com/mobility/main.html

You have seen me write so much about SnapGears; why not visit their website and check out their range of Internet products: http://www.securecomputing.com

From the Trenches

Some comic relief from support days gone by. Some years ago I had carefully modified our company server's /etc/profile, the file that affects every user login to the system. Happily completing my changes, I saved what I had done from within my text editor session (vi, yes vi) and tested the login process - it worked just fine. When I logged in again, it didn't work. Puzzled, I went back into /etc/profile only to find, to my horror, that my changes were gone. Again I typed in the text, saved the file and tested it, and my first login worked just fine. When I logged in again, it didn't work and my changes were gone once more. It was at this point that a colleague looked across the desk and said, "Are you changing the /etc/profile file?", to which I responded that I was. We both laughed as we realised we were doing the same thing to each other, each overwriting the other's "version" of /etc/profile. What was that expression about too many chefs?
Tech Tip

So what has changed in the last x days? Have you ever wanted to find files or directories modified in the last x days? The following command finds files modified in the last 7 days:

    find / -type f -mtime -7 -print

If you are not the root user, get rid of the "Permission denied" messages with:

    find / -type f -mtime -7 -print 2>/dev/null

On the flip side, to find files older than 365 days you would type:

    find / -type f -mtime +365 -print

and if you are not root:

    find / -type f -mtime +365 -print 2>/dev/null

To find directories modified in the last 7 days:

    find / -type d -mtime -7 -print

and to find everything regardless of type:

    find / -mtime -7 -print

Note the use of "+" to mean older than the specified number of days and "-" to mean within it. find counts age in whole 24-hour periods and discards the remainder, so -mtime -7 matches anything modified less than 7 full days ago, and -mtime +365 matches anything whose last modification is 366 or more days old; use -mmin if you need minutes rather than days. One caveat when you are using this to look for tampering rather than housekeeping: mtime is set by whatever wrote the file and can be changed at will with touch, whereas ctime (tested with -ctime) is updated by the kernel whenever the inode changes and is not settable with touch, so run both searches. "find" is your best friend when it comes to finding things in UNIX/Linux. You can also look at the "locate" command, but its database is only as fresh as the last updatedb run, so "find" is still my all-time favourite.
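As an added example (not part of the original tip), here are the searches above wrapped in shell functions and run against a constructed directory tree so the results can be checked, with one extension: a file whose mtime has been backdated with touch, which the -mtime search misses and a -ctime search catches. The directory names, file names and the 2006 timestamp are all made up for the example.

```shell
#!/bin/sh
# Added example (not from the newsletter): the "what changed in the last x
# days" searches from the Tech Tip, plus the ctime check for forged mtimes.

# Files under $1 modified within the last $2 days (find -mtime -N means an
# age of fewer than N whole 24-hour periods). Sorted so output is stable.
changed_within_days() {
    find "$1" -type f -mtime "-$2" -print 2>/dev/null | sort
}

# Files under $1 not modified for more than $2 whole days (find -mtime +N).
untouched_for_days() {
    find "$1" -type f -mtime "+$2" -print 2>/dev/null | sort
}

# Files under $1 whose inode changed within $2 days: content, permissions,
# owner, or an mtime rewritten with touch. touch cannot set ctime, so a
# backdated file still shows up here.
inode_changed_within_days() {
    find "$1" -type f -ctime "-$2" -print 2>/dev/null | sort
}

# Constructed sample tree (removed again when the shell exits).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
mkdir -p "$SAMPLE_DIR/etc" "$SAMPLE_DIR/var/log"

# A log written just now.
echo "fresh entry" > "$SAMPLE_DIR/var/log/today.log"

# A config file genuinely untouched since 2006 (POSIX touch -t CCYYMMDDhhmm).
echo "ancient setting" > "$SAMPLE_DIR/etc/old.conf"
touch -t 200608231035 "$SAMPLE_DIR/etc/old.conf"

# A script dropped just now with its mtime forged back to 2006 to blend in.
echo "#!/bin/sh" > "$SAMPLE_DIR/etc/backdoor.sh"
touch -t 200608231035 "$SAMPLE_DIR/etc/backdoor.sh"

echo "== modified in the last 7 days (mtime):"
changed_within_days "$SAMPLE_DIR" 7
echo "== not modified for more than 365 days (mtime):"
untouched_for_days "$SAMPLE_DIR" 365
echo "== inode changed in the last day (ctime):"
inode_changed_within_days "$SAMPLE_DIR" 1
```

The mtime search reports only today.log and lists backdoor.sh among the "old" files, exactly as the forger intended; the ctime search lists all three, because creating the file and then touching it both changed its inode today. Against a real system swap `"$SAMPLE_DIR"` for `/` and expect the `2>/dev/null` to matter if you are not root.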