[Box Backup] Advice for users of Debian-derived systems
affected by the OpenSSL fiasco -- assume compromise of all data
Bjarne Carlsen
boxbackup@fluffy.co.uk
Mon, 19 May 2008 16:40:14 +0200
man, 19 05 2008 kl. 09:36 -0400, skrev Peter Jalajas, GigaLock Backup
Services:
> Or is there something I can do on my Ubuntu/Debian OS firewall? Can
> Box Backup be plugged into something like csf/lfd?
We use ShoreWall, which can be set to deny routes - and I mean deny the
route, not just drop the packets - to attacking hosts, DenyHosts, which
can be configured to watch ports besides SSH for brute-force attempts
and put the offending hosts in /etc/hosts.deny and finally PortSentry,
which will deny routes to port-scanning hosts.
While this may sound like overkill, I am a firm believer in defence in
depth.
Bjarne