* Paul Hartman <paul.hartman+gentoo@×××××.com> wrote:

<snip>

Apropos cracked machines:

In recent years I often got into trouble with cracked customers' boxes
(one e.g. was abused for SIP-calling people around the world and
asking them for their debit card codes ;-o). So I thought about
protection against those scenarios. The solution:

Put all remotely available services into containers and make the
host system only accessible via special channels (e.g. serial console).
You can run automatic sanity tests and security alerts from the host
system, which cannot be hijacked (as long as there's no kernel
bug which allows escaping a container ;-o).

This also brings several other benefits, e.g. easier backups, quick
migration to other machines, etc.


cu
--
----------------------------------------------------------------------
Enrico Weigelt, metux IT service -- http://www.metux.de/

phone: +49 36207 519931 email: weigelt@×××××.de
mobile: +49 151 27565287 icq: 210169427 skype: nekrad666
----------------------------------------------------------------------
Embedded Linux / Porting / Open-Source QM / Distributed Systems
----------------------------------------------------------------------
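The "automatic sanity tests and security alerts from the host system" that the mail above proposes, as an added example that is not part of the original message and not a metux tool: a POSIX shell script, run from the host, that records a SHA-256 manifest of a container's root filesystem and later reports every modified, removed or added file. It assumes that the container rootfs is visible to the host as a plain directory (bind mount, LXC/OCI rootfs dir), that the manifest is kept on the host where the container cannot write, that file paths contain no whitespace, and that either sha256sum or shasum is installed; the demo rootfs, the "trojaned sshd" and the dropped cron job are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original mail): host-side integrity check
# over a container's root filesystem, run from the host that the
# container cannot reach.
#
# Assumptions: the container rootfs is visible to the host as a plain
# directory (bind mount, LXC/OCI rootfs dir, ...); the baseline manifest
# is stored on the host outside anything the container can write to;
# file paths contain no whitespace; sha256sum (GNU coreutils) or
# shasum (perl/BSD) is installed.

set -u

# Choose an available SHA-256 tool.
hash_tool() {
    if command -v sha256sum >/dev/null 2>&1; then
        echo "sha256sum"
    else
        echo "shasum -a 256"
    fi
}

# Print "<path> <sha256>" for every regular file below $1, sorted by path.
hash_tree() {
    ( cd "$1" && find . -type f -exec $(hash_tool) {} + ) \
        | awk '{ print $2, $1 }' | LC_ALL=C sort
}

# Record the trusted state of rootfs $1 into manifest $2.
make_baseline() {
    hash_tree "$1" > "$2"
}

# Compare rootfs $1 against manifest $2.  Prints one line per finding
# (MODIFIED/REMOVED/ADDED <path>) and returns 0 if clean, 1 on drift.
check_rootfs() {
    rootfs=$1
    manifest=$2
    current=$(mktemp) || return 2
    hash_tree "$rootfs" > "$current"
    # comm works on whole "path hash" lines: a path that shows up both in
    # "only in manifest" and in "only in current" has changed content.
    old_only=$(LC_ALL=C comm -23 "$manifest" "$current" | awk '{ print $1 }')
    new_only=$(LC_ALL=C comm -13 "$manifest" "$current" | awk '{ print $1 }')
    rm -f "$current"
    drift=0
    for p in $old_only; do
        if printf '%s\n' "$new_only" | grep -qxF -- "$p"; then
            echo "MODIFIED $p"
        else
            echo "REMOVED $p"
        fi
        drift=1
    done
    for p in $new_only; do
        if ! printf '%s\n' "$old_only" | grep -qxF -- "$p"; then
            echo "ADDED $p"
            drift=1
        fi
    done
    return $drift
}

# Constructed demo rootfs standing in for a container that runs sshd.
build_demo_rootfs() {
    mkdir -p "$1/usr/sbin" "$1/etc/cron.d"
    printf 'ELF placeholder: sshd\n' > "$1/usr/sbin/sshd"
    printf 'Port 22\nPermitRootLogin no\n' > "$1/etc/sshd_config"
}

# Untouched container: expect a clean result (exit 0, no output).
demo_clean() {
    work=$(mktemp -d) || return 2
    build_demo_rootfs "$work/rootfs"
    make_baseline "$work/rootfs" "$work/baseline"
    check_rootfs "$work/rootfs" "$work/baseline"
    rc=$?
    rm -rf "$work"
    return $rc
}

# Cracked container (constructed): trojaned sshd, dropped cron job,
# config deleted.  Expect exit 1 and three findings.
demo_tampered() {
    work=$(mktemp -d) || return 2
    build_demo_rootfs "$work/rootfs"
    make_baseline "$work/rootfs" "$work/baseline"
    printf 'ELF placeholder: sshd with backdoor\n' > "$work/rootfs/usr/sbin/sshd"
    printf '* * * * * root /tmp/.x\n' > "$work/rootfs/etc/cron.d/evil"
    rm -f "$work/rootfs/etc/sshd_config"
    check_rootfs "$work/rootfs" "$work/baseline"
    rc=$?
    rm -rf "$work"
    return $rc
}
```

In practice `make_baseline` runs once after the container image is built or updated, `check_rootfs` runs from the host's cron against the live rootfs, and a non-zero exit is what feeds the alert. The manifest must live on the host, not inside the container, or a cracked container can simply rewrite it; the same applies to the script itself. Paths with whitespace would need a NUL-separated pipeline, which this example deliberately leaves out.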