Re: Found, a new rootkit



From: "Les Mikesell" <lesmikesell@xxxxxxxxx>

On Sat, 2006-04-01 at 10:28, Craig White wrote:

I hear people talk about the lack of security in Windows but it seems to
me, exposing a Linux system to the Internet with shell accounts and weak
passwords is far more insecure than a typical Windows system.

There's about 50,000 reasons you are wrong, mostly in the form
of Windows viruses that attack the rpc and similar services.
On Windows you don't need the equivalent of shell access since
you can do anything through the remote management console.  As
long as unpatched exploits exist (and they are still being
found), passwords don't matter.  Even without exploits, anything
running with domain admin privileges can do anything/anywhere
and if you don't have a domain the same is true for machines
that share the same admin password.  Thus even if the rpc,
netbios, and http ports are firewalled, if you can get an
admin to execute a trojan or open an email that auto-executes,
you've got access to the whole network.

Not that your point about bad passwords is any less valid...  The
missing piece on Linux is an option to rate-limit password guessing
in ssh and automatically blacklist addresses that fail more than
a few times.  There are some add-on wrappers, but sshd should
do it by itself with some sane defaults.

Even more effective is to firewall them off for too many "syn" attempts
in too little time. Then have a recovery function to handle brain dead
sales creatures by having the block decay away with time.
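
The blacklist-with-decay idea discussed in the message above, as an added example that is not part of the original thread: it replays sshd failure lines, blocks an address after more than a few failures inside a short window, and lets the block expire with time. The log lines, their simplified timestamp layout, the thresholds and the `replay` function are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the thread); timestamp layout is simplified.
SAMPLE_LOG = """\
2006-04-01 10:00:01 sshd[311]: Failed password for root from 192.0.2.10 port 4101 ssh2
2006-04-01 10:00:05 sshd[312]: Failed password for root from 192.0.2.10 port 4102 ssh2
2006-04-01 10:00:09 sshd[313]: Failed password for invalid user admin from 192.0.2.10 port 4103 ssh2
2006-04-01 10:00:12 sshd[314]: Failed password for root from 192.0.2.10 port 4104 ssh2
2006-04-01 10:00:20 sshd[315]: Failed password for root from 192.0.2.10 port 4105 ssh2
2006-04-01 10:00:30 sshd[316]: Failed password for sales from 198.51.100.7 port 5001 ssh2
2006-04-01 10:05:00 sshd[317]: Failed password for sales from 198.51.100.7 port 5002 ssh2
2006-04-01 10:05:10 sshd[318]: Accepted password for sales from 198.51.100.7 port 5003 ssh2
2006-04-01 10:11:00 sshd[319]: Failed password for root from 192.0.2.10 port 4106 ssh2
"""

FAILED = re.compile(
    r"^(\S+ \S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def replay(log_text, max_failures=3, window=timedelta(seconds=60),
           block_for=timedelta(minutes=10)):
    """Replay a log and return (time, address, action) blacklist events."""
    failures = defaultdict(deque)   # address -> recent failure times
    blocked_until = {}              # address -> time the block decays
    events = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                # successful logins and unrelated lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        addr = m.group(2)
        until = blocked_until.get(addr)
        if until is not None:
            if ts < until:          # still blacklisted: a firewall would drop this
                events.append((ts, addr, "dropped"))
                continue
            del blocked_until[addr]  # block has decayed, address starts fresh
            events.append((until, addr, "unblocked"))
        recent = failures[addr]
        recent.append(ts)
        while ts - recent[0] > window:   # forget failures outside the window
            recent.popleft()
        if len(recent) > max_failures:   # more than a few failures in the window
            blocked_until[addr] = ts + block_for
            recent.clear()
            events.append((ts, addr, "blocked"))
    return events

if __name__ == "__main__":
    for ts, addr, action in replay(SAMPLE_LOG):
        print(ts, addr, action)
```

The address with two widely spaced typos (198.51.100.7) is never blocked, while the rapid guesser is blocked and then released once the ten-minute block expires.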

