On Wed, 2005-12-14 at 13:31 -0500, Scot L. Harris wrote: > On Wed, 2005-12-14 at 13:05, Bob Chiodini wrote: > > > Edward, > > > > I have to agree with Scot. If you are a home user, lock everything down > > behind a firewall. I opened up SSH and IMAPS while I was traveling > > earlier this year and within 2 hours I was getting hammered by machines > > on the internet trying to access my machine via SSH. > > > > For home users one of the cheap Netgear or Linksys routers/firewalls do > a good job. If you want to learn more, setting up a separate box as a > firewall can be good but you will need to spend more time researching > and monitoring such a system than one of the cheap devices mentioned > above. > > Search the list for several threads discussing ssh security. (disallow > root login, limit the users that can connect, use strong passwords, use > keys if possible, consider using different port than 22 for ssh) This > is true regardless of using a firewall or not. > > > > I'll bet Scot has a generator though. Judging by his IP address, I bet > > he was without power a lot during last hurricane season :-) > > This year they missed us here. But last year the generator did come in > handy for a few weeks. Have had one for several years. But my ISP was > down at the same time so no network connectivity. There for about a > week there was also no land line phones or cell phone access as well. > :) > > Those with generators, I also recommend installing a transfer switch. > This allows you to provide power to specific circuits in the house > without stringing extension cords all over and without back feeding the > power grid. > > I needed open SSH since I did not know what IP address I would be coming from. Once known and verified that it was not changing I locked my router up. It's a Dlink, and so far has been very good to me. We had dialtone and DSL during the storms of 2004. The generator kept power up for the essentials: fans, fridge, TV (until the dish blew down) and computers. 'nuff said. Bob...
