| 1 |
* Paul Hartman <paul.hartman+gentoo@×××××.com> wrote: |
| 2 |
|
| 3 |
<snip> |
| 4 |
|
| 5 |
Apropos cracked machines: |
| 6 |
|
| 7 |
In recent years I often got trouble w/ cracked customer's boxes |
| 8 |
(one eg. was abused for SIP-calling people around the world and |
| 9 |
asking them for their debit card codes ;-o). So thought about |
| 10 |
protection against those scenarios. The solution: |
| 11 |
|
| 12 |
Put all remotely available services into containers and make the |
| 13 |
host system only accessible via special channels (eg. serial console). |
| 14 |
You can run automatic sanity tests and security alerts from the hosts |
| 15 |
system, which cannot be highjacked (as long as there's no kernel |
| 16 |
bug which allows escaping a container ;-o). |
| 17 |
|
| 18 |
This also brings several other benefits, eg. easier backups, quick |
| 19 |
migration to other machines, etc. |
| 20 |
|
| 21 |
|
| 22 |
cu |
| 23 |
-- |
| 24 |
---------------------------------------------------------------------- |
| 25 |
Enrico Weigelt, metux IT service -- http://www.metux.de/ |
| 26 |
|
| 27 |
phone: +49 36207 519931 email: weigelt@×××××.de |
| 28 |
mobile: +49 151 27565287 icq: 210169427 skype: nekrad666 |
| 29 |
---------------------------------------------------------------------- |
| 30 |
Embedded-Linux / Portierung / Opensource-QM / Verteilte Systeme |
| 31 |
---------------------------------------------------------------------- |
Archives