Faqts : Business : Operating Systems : Linux : Networking : Modems : Cable Modems

+ Search
 Add Entry AlertManage Folder Edit Entry Add page to http://del.icio.us/
Did You Find This Entry Useful?

9 of 10 people (90%) answered Yes
Recently 7 of 8 people (88%) answered Yes

Entry

Do I need to setup security for a cable modem server?
Why should I bother securing a simple Linux box with a cable modem?

May 15th, 2000 09:54
Nathan Wallace, Vincent Fox, Rick Matthews, Mike Kent
 


When you wake up one morning with a CNN truck on your lawn and a bunch
of cameras shoved in your face with the questions being shouted "why did
your system launch attacks on (target)?" you may think a little
differently.

Someone you don't know (and probably won't like) could get root access
to the linux box, at which point they can do anything you can, including
a lot of things you wouldn't.

Script kiddies will break into your box just to use it to attack other
systems, then wipe their trail behind them so the evidence all points at
YOU. You better think about that permanent network attachment with no
security REAL careful like. Doesn't strike me as real smart unless you
don't give a shit about say your network connection being yanked
abruptly when your box is used attempting to hack your ISP.

Or what if the police stop by with a warrant for your arrest for the 
distribution of child pornography (that was downloaded from your 
machine)?

For sure they can user your box for asssorted Bad Things ...

   ..  spam injection
   ..  warez trading
   ..  base for hacking other people's systems
   ..  one unit in distributed denial of service 
         attack on other systems

Once the intruder has root, your logs will be wiped of any traces of the
penetration, and rigged not to capture any of the intruder's
activities.  Good luck explaining to the folks who got hurt (and,
possibly, their lawyers) that it wasn't you, and it's not your fault;
even if they believe you, their lawyers just may have a chat with yours
about 
"attractive nuisances" and "the reasonable man", and your liability for
not taking simple precautions.

For your own protection, _and for the general welfare_, secure the
system.  You can do it in an hour, you'll be safer, we'll be safer,
you'll sleep better knowing you've done the Right Thing.

I have a DSL connection and use a linux box to provide access to my
small home network. I do not have anything that is available to the
outside world, and as a result, there is nothing that advertises that I
even exist here.

Last night someone in Italy tried (unsuccessfully) several times to log-
in and make an ftp connection to my firewall. Night before last the same 
thing was attempted by someone in Korea.

The danger is real.