Re: Wow - is SuSE hard to configure! - Suse

This is a discussion on Re: Wow - is SuSE hard to configure! - Suse ; Chris Cox wrote: > It will help prevent you from getting common DDOS style attacks and > your firewall logs will be much smaller. 'Script Kiddies' now > included some pretty sophisticated bots/programs. You can either > take the attitude ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: Re: Wow - is SuSE hard to configure!

  1. Re: Wow - is SuSE hard to configure!

    Chris Cox wrote:
    > It will help prevent you from getting common DDOS style attacks and
    > your firewall logs will be much smaller. 'Script Kiddies' now
    > included some pretty sophisticated bots/programs. You can either
    > take the attitude of 'bring em on', or 'nothing to see here, move
    > along'. I prefer the latter.


    I still do think it doesn't make the system more secure. As I explained,
    I do something like this with ssh, but NOT because of safety or
    security. If that is what you think you are getting, a more secure
    system, you are wrong.

    houghi
    --
    It's people. Source code is made out of people! They're making our
    source out of people. Next thing they'll be breeding us like cattle
    for code. You've gotta tell them. You've gotta tell them!

  2. Re: Wow - is SuSE hard to configure!

    houghi wrote:
    > Chris Cox wrote:
    >> It will help prevent you from getting common DDOS style attacks and
    >> your firewall logs will be much smaller. 'Script Kiddies' now
    >> included some pretty sophisticated bots/programs. You can either
    >> take the attitude of 'bring em on', or 'nothing to see here, move
    >> along'. I prefer the latter.

    >
    > I still do think it doesn't make the system more secure. As I explained,
    > I do something like this with ssh, but NOT because of safety or
    > security. If that is what you think you are getting, a more secure
    > system, you are wrong.


    I think your sense of security is warped (big time). So your opinion
    is to put up signs throughout your neighborhood with pictures of
    all the great stuff inside of your house??? Of course not. Why
    would you WANT to invite attackers??

    Way too much is learned/discovered from a pingable port. Again,
    I'm talking security 101. If you're doing something beyond
    that... great... you should, but if you're not doing at least
    that, you're insane.

    (unless you like large firewall logs, etc... which I do know some
    security admins who do dumb stuff like this intentionally.... just
    for their own kicks... but they do so with clear intent knowing
    the risks)

  3. Re: Wow - is SuSE hard to configure!

    Chris Cox wrote:
    > I think your sense of security is warped (big time). So your opinion
    > is to put up signs throughout your neighborhood with pictures of
    > all the great stuff inside of your house??? Of course not. Why
    > would you WANT to invite attackers??


    I think you are not understanding what I think security is. If your
    system is secure, it is secure. If it is not, it isn't. Wether it is
    pingable or not does not make it more or less secure.

    Yes, all the other reasons are valid, yet security is not one of them.

    An extremely stupid example to clarify.

    I put a machine online with ssh and not one user needs a password,
    including root. This means that the moment you do `ssh
    root@example.com` you have root access. Again, just as an example. I
    would never do that and it would require work to get it done like that.

    If I have it pingable, I might be hacked faster then when I have my
    machine not pingable. I agree there. Yet the fact that it gets hacked is
    just a matter of time and from a security point it does not realy matter
    wether this happens in 3 minutes or 3 months.

    I do not call a machine more secure if it takes 3 months instead of 3
    minutes to hack. So security, for me, is not the correct reason to
    disable ping. If you are wories about ddos, logfiles and such, yes, that
    is a good reason. Yet security _of your machine_ is not one of them.

    To me security is like pregnancy. Either you are or you ain't. You can't
    be it a little bit.

    houghi
    --
    At the source of every error which is blamed on the computer you will
    find at least two human errors, including the error of blaming it on
    the computer.

  4. Re: Wow - is SuSE hard to configure!

    houghi wrote:
    > Chris Cox wrote:
    >> I think your sense of security is warped (big time). So your opinion
    >> is to put up signs throughout your neighborhood with pictures of
    >> all the great stuff inside of your house??? Of course not. Why
    >> would you WANT to invite attackers??

    >
    > I think you are not understanding what I think security is. If your
    > system is secure, it is secure. If it is not, it isn't. Wether it is
    > pingable or not does not make it more or less secure.
    >
    > Yes, all the other reasons are valid, yet security is not one of them.


    You have to be the most thick headed belligerent people of all time!
    Do you kick your dog daily? Sheesh. I mean, you basically agree
    in principle, but your attitude is to always attack and try to
    put everyone the defensive. Chill out. Ok?


    >
    > An extremely stupid example to clarify.
    >
    > I put a machine online with ssh and not one user needs a password,
    > including root. This means that the moment you do `ssh
    > root@example.com` you have root access. Again, just as an example. I
    > would never do that and it would require work to get it done like that.
    >
    > If I have it pingable, I might be hacked faster then when I have my
    > machine not pingable. I agree there. Yet the fact that it gets hacked is
    > just a matter of time and from a security point it does not realy matter
    > wether this happens in 3 minutes or 3 months.


    You are correct. The pingable system could be hacked in seconds (almost
    guaranteed btw). An unpingable system might not be found for YEARS (if
    ever).

    >
    > I do not call a machine more secure if it takes 3 months instead of 3
    > minutes to hack. So security, for me, is not the correct reason to
    > disable ping. If you are wories about ddos, logfiles and such, yes, that
    > is a good reason. Yet security _of your machine_ is not one of them.
    >
    > To me security is like pregnancy. Either you are or you ain't. You can't
    > be it a little bit.


    If you're systems are pingable, you are foolish. And you basically
    agree with that, but because you are apparently incapable of having
    a civil discussion, you post a lot of stuff that, while somewhat
    reasonable (and certainly very basic security), it's has nothing
    to do with your statement:

    > Understand that truning off ping does not make your system more secure.
    > It makes it unable to ping. You might fool some scriptkiddies, who are
    > of no danger anyway.


    My point was simply that turning off ping is the FIRST step with an
    internet facing device. You make it sound like it does nothing, when in
    fact, it does A LOT. Again, it's security 101 (your claims about this
    NOT having ANYTHING to do with security is WRONG). I just don't
    want folks to get the wrong idea by your quote above (which is incorrect
    actually in several ways).

    Is it all you need to do?... of course not. But I think this thread
    would digress too far way from the OP if you want to talk about
    everything one might/should do to secure a device.

  5. Re: Wow - is SuSE hard to configure!

    houghi wrote:
    >Chris Cox wrote:
    >> I think your sense of security is warped (big time). So your opinion
    >> is to put up signs throughout your neighborhood with pictures of
    >> all the great stuff inside of your house??? Of course not. Why
    >> would you WANT to invite attackers??


    >I think you are not understanding what I think security is. If your
    >system is secure, it is secure. If it is not, it isn't. Wether it is
    >pingable or not does not make it more or less secure.


    >Yes, all the other reasons are valid, yet security is not one of them.


    >An extremely stupid example to clarify.


    >I put a machine online with ssh and not one user needs a password,
    >including root. This means that the moment you do `ssh
    >root@example.com` you have root access. Again, just as an example. I
    >would never do that and it would require work to get it done like that.


    >If I have it pingable, I might be hacked faster then when I have my
    >machine not pingable. I agree there. Yet the fact that it gets hacked is
    >just a matter of time and from a security point it does not realy matter
    >wether this happens in 3 minutes or 3 months.


    >I do not call a machine more secure if it takes 3 months instead of 3
    >minutes to hack. So security, for me, is not the correct reason to
    >disable ping. If you are wories about ddos, logfiles and such, yes, that
    >is a good reason. Yet security _of your machine_ is not one of them.


    >To me security is like pregnancy. Either you are or you ain't. You can't
    >be it a little bit.


    Well then, you are not secure. A supposedly secure machine is
    one whose vulnerabilities have not yet been found.

    --
    --- Paul J. Gans

  6. Re: Wow - is SuSE hard to configure!

    Paul J Gans wrote:
    > Well then, you are not secure. A supposedly secure machine is
    > one whose vulnerabilities have not yet been found.


    Well, what _vulnerabilities_ have been found? It is about finding the
    vulnerabilities, not about finding the machine. ;-)

    houghi
    --
    At the source of every error which is blamed on the computer you will
    find at least two human errors, including the error of blaming it on
    the computer.

  7. Re: Wow - is SuSE hard to configure!

    Chris Cox wrote:
    > You have to be the most thick headed belligerent people of all time!


    Thank you, I guess.

    > You are correct. The pingable system could be hacked in seconds (almost
    > guaranteed btw). An unpingable system might not be found for YEARS (if
    > ever).


    I am pinhable and am not hacked. I have seen unpingable machines being
    hacked.

    > If you're systems are pingable, you are foolish. And you basically
    > agree with that, but because you are apparently incapable of having
    > a civil discussion, you post a lot of stuff that, while somewhat
    > reasonable (and certainly very basic security), it's has nothing
    > to do with your statement:


    Wether or not it is foolish is another discusion. A non-pingable system
    is not safer. Not being pingable does not make your system more secure.

    > My point was simply that turning off ping is the FIRST step with an
    > internet facing device. You make it sound like it does nothing, when in
    > fact, it does A LOT.


    It does a lot, I agree.

    > Again, it's security 101 (your claims about this
    > NOT having ANYTHING to do with security is WRONG). I just don't
    > want folks to get the wrong idea by your quote above (which is incorrect
    > actually in several ways).


    So please tell me how a non-pingable system is safer against specific
    attacks. e.g. you have a blog running that has a hole in it as large as
    whatever large hole you can imagine and then some.

    So how does it not being pingable make that hackable blog suddenly
    unhackable? What I know is that the system is just as hackable (or
    unhackable) as before. The amount of TRIES will be different, yet I do
    not measure my security in failed attempts. I count them in succeeded
    attempts. And wether that is one in 50.000 tries or one in one try has
    no importance to me.

    > Is it all you need to do?... of course not. But I think this thread
    > would digress too far way from the OP if you want to talk about
    > everything one might/should do to secure a device.


    It isbn't because of security you turn off pinging. It is because of
    DDOS, because of clean logs, because of many reasons, but NOT because of
    security.

    houghi
    --
    At the source of every error which is blamed on the computer you will
    find at least two human errors, including the error of blaming it on
    the computer.

+ Reply to Thread