View Single Post
  #1   (View Single Post)  
Old 10th January 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
Join Date: May 2008
Location: USA
Posts: 6,423
Default Newbie guide to operating services on the Internet

Today, on OpenBSD's misc@ mailing list, a poster discovered that his new OpenBSD installation had been rapidly compromised. Nick Holland posted the following short essay in reply.

I thought it was a brilliant response.

While you may not feel Mr. Holland's recommendations apply to you (and your skills, real or perceived), his point that mismanaged or mis-configured services can cause harm to others on the Internet is absolutely pertinent.

The entire post is here, and the thread begins here.

> Ideas are going to be really appreciated, because i am not a technical guy.

ok, this is the unpopular answer, but here it is anyway: Stop. You should not be running your own web and mail server.

Years ago, I used to say that I could make a good case that anyone running a mail server or DNS server should require a license, for much the same reason as one should have a driver's license to drive on public roads: to indicate you have some minimum level of skill so you don't hurt others on the road....

...I exempted running a webserver because I felt that your average website was "safe" to other people...kinda like painting your own car -- you may do a lousy job, but no one has to look at your car/site. Well, these days of web applications pretty much means I was wrong, and yes, they are just as able to harm others on the Internet as mail and dns servers -- maybe even more so these days. If you don't know how to track down what happened -- and more importantly, don't know how to KEEP it from happening in the first place -- you should not be running services on the Internet. Using OpenBSD does not render your system unbreakable, any more than putting a five year old behind the wheel of a "safe" car makes them or the world "safe"....

...if you expose a service, you are under CONSTANT attack, if you have any kind of vulnerability, it WILL be exploited, and rather soon.
Reply With Quote