DaemonForums  

Go Back   DaemonForums > Miscellaneous > General software and network

General software and network General OS-independent software and network questions, X11, MTA, routing, etc.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 10th January 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default Newbie guide to operating services on the Internet

Today, on OpenBSD's misc@ mailing list, a poster discovered that his new OpenBSD installation had been rapidly compromised. Nick Holland posted the following short essay in reply.

I thought it was a brilliant response.

While you may not feel Mr. Holland's recommendations apply to you (and your skills, real or perceived), his point that mismanaged or mis-configured services can cause harm to others on the Internet is absolutely pertinent.

The entire post is here, and the thread begins here.

Quote:
> Ideas are going to be really appreciated, because i am not a technical guy.

ok, this is the unpopular answer, but here it is anyway: Stop. You should not be running your own web and mail server.

Years ago, I used to say that I could make a good case that anyone running a mail server or DNS server should require a license, for much the same reason as one should have a driver's license to drive on public roads: to indicate you have some minimum level of skill so you don't hurt others on the road....

...I exempted running a webserver because I felt that your average website was "safe" to other people...kinda like painting your own car -- you may do a lousy job, but no one has to look at your car/site. Well, these days of web applications pretty much means I was wrong, and yes, they are just as able to harm others on the Internet as mail and dns servers -- maybe even more so these days. If you don't know how to track down what happened -- and more importantly, don't know how to KEEP it from happening in the first place -- you should not be running services on the Internet. Using OpenBSD does not render your system unbreakable, any more than putting a five year old behind the wheel of a "safe" car makes them or the world "safe"....

...if you expose a service, you are under CONSTANT attack, if you have any kind of vulnerability, it WILL be exploited, and rather soon.
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Disabling Services Not Needed EverydayDiesel OpenBSD Security 10 25th January 2010 01:20 PM
start stop services ? smooth187 OpenBSD General 4 31st August 2008 01:00 AM
Newbie-friendly "printing in OpenBSD" guide wanted Shagbag OpenBSD Packages and Ports 5 7th July 2008 09:26 PM
Questions about my home configuration services aleunix OpenBSD Security 9 12th June 2008 01:54 PM
Learn which services are listening on your box anomie Guides 5 14th May 2008 09:59 AM


All times are GMT. The time now is 12:11 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick