
Brute-Force SSH Server Attacks Surge (InformationWeek)

Posted May 15, 2008 15:33 UTC (Thu) by bronson (subscriber, #4806)
In reply to: Brute-Force SSH Server Attacks Surge (InformationWeek) by ekj
Parent article: Brute-Force SSH Server Attacks Surge (InformationWeek)

Hm, are you saying that worrying about running services is silly because there are so many
more reliable ways of rooting a box?  If so, I have two replies:

- Running services have always been the most effective way of remoting a box.  They are the 1:100
number you quoted.

- Disregarding a 1:100000 chance event might make sense on some level.  The problem is that
Linux deployments are immense and the downside of having your box rooted is so enormous.  If
36,000 Linux boxes will be compromised this year, and a particular running service is
responsible for only 60 of those breakins, it sounds like you're saying that the service is
statistically insignificant and can be ignored.

That might keep the statisticians happy but I think it is clearly wrong.  At least, I hope
that the distros I use don't feel that way!



Brute-Force SSH Server Attacks Surge (InformationWeek)

Posted May 16, 2008 6:00 UTC (Fri) by ekj (subscriber, #1524)

Nah. We don't really disagree. I'm just nitpicking. Specifically, I'm nitpicking the claim
that a large relative reduction in risk by ITSELF is a reason to do something. Cutting a risk
by 99% sounds great, my point was merely that if the risk is minuscule already, it may be that
it's not worthwhile.

Arguably, the safest default is to install no servers, unless the user specifically requests
the install (default: not installed), but some services are probably still better left
installed. Indeed, the safest default is to install NOTHING whatsoever, but this is hardly
reasonable, despite improvements to security.

Similarly, the safest default if the user DOES explicitly install a service is to not run it
-- requiring the user to explicitly enable it if he wants it. But this is unreasonable; most
people who install say "openssh-server" also want to run it, so defaulting to off is
unfriendly, even though slightly more secure.

Further, the safest default config would be something like disable-root-login
disable-password-authentication allow-login-only-from-whitelisted-hosts, but again, this
would be unfriendly because it would mean extra work for most people. So this is probably not
worth it -- despite being more secure.
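
The three settings named in the comment above correspond to real sshd_config keywords. The following is an added example, not part of the original comments, that audits a configuration for them. Both sample configurations are constructed, and reading "whitelisted hosts" as AllowUsers user@host patterns is an assumption.

```python
# Added example: audit an sshd_config for the three settings named above.
DISTRO_STYLE = """\
# constructed sample: permissive configuration
Port 22
PermitRootLogin yes
#PasswordAuthentication yes
"""

HARDENED = """\
# constructed sample: the "safest default" described in the comment
PermitRootLogin no
PasswordAuthentication no
passwordauthentication yes   # ignored: sshd keeps the first value it reads
AllowUsers alice@192.0.2.10 bob@10.1.*
"""

def global_settings(text):
    """Return {keyword: [args]} for the global section of an sshd_config."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]    # keywords are case-insensitive
        if key == "match":
            break                                  # Match blocks are conditional; stop here
        if key == "allowusers":
            seen.setdefault(key, []).extend(args)  # repeated AllowUsers lines accumulate
        else:
            seen.setdefault(key, args)             # first occurrence wins
    return seen

def audit(text):
    cfg = global_settings(text)
    # Fallbacks are the defaults of current OpenSSH when the keyword is absent.
    root = (cfg.get("permitrootlogin") or ["prohibit-password"])[0].lower()
    password = (cfg.get("passwordauthentication") or ["yes"])[0].lower()
    allow = cfg.get("allowusers", [])
    # Assumption: "whitelisted hosts" means every AllowUsers entry pins a host.
    pinned = bool(allow) and all(
        "@" in a and a.rsplit("@", 1)[1] not in ("", "*") for a in allow)
    return {"root_login_disabled": root == "no",
            "password_auth_disabled": password == "no",
            "hosts_whitelisted": pinned}

if __name__ == "__main__":
    for name, text in (("distro-style", DISTRO_STYLE), ("hardened", HARDENED)):
        print(name, audit(text))
```

On a live host, `sshd -T` prints the effective configuration, including values that come from defaults. Note that `PasswordAuthentication no` alone does not turn off keyboard-interactive logins.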

