jasonpf Tux's lil' helper
Joined: 23 Nov 2002 Posts: 86 Location: Tempe, AZ
Posted: Thu Oct 07, 2004 11:19 pm Post subject: Extra Security Measures
I've been thinking about implementing some extra security measures on my Linux box. This is mainly because I plan to have this box around for the next 10 years or so and I would like some extra peace of mind. Here are my thoughts on security measures that I would like to have (and hopefully already done, I just don't know about it):
Logging in via SSH would allow 3 attempts. After the 3rd failed attempt from the same subnet or 10 failed attempts from any address in a 24 hour period, the system goes into a special secure mode. That special mode requires:
1. A keyfile along with the standard password
2. After logging in with this keyfile and standard password, you would be dropped into a subroutine that asks one of several security questions and gives 10 seconds and 2 attempts to get it right.
3. Upon failing that, the system shuts down all external access for 7 days and then goes back to its second state of alertness.
4. If the second state is failed once more, the system disconnects indefinitely and requires a special local login.
5. If the local login fails twice, the discs are wiped using a secure wiping routine.
For this to even work and be feasible (from a security aspect), the discs would need to be encrypted, and during the boot process a USB root-plug-like device would need to be inserted to allow decryption. Once it's booted up it can be removed for normal operation.
Also, some sort of intrusion detection would need to be used and would immediately take the system to the 2nd alert state (which may include shutting down non-essential systems, like apache, bind, samba, etc. from which the intrusion may have taken place).
Any thoughts on this? Has something similar been done? I'm not actually paranoid, I just like the thought of having a "Fort Knox"-like security on my box.
P-Chan
Edit: http://www.sdc.org/~leila/usb-dongle/readme.html takes care of the encrypted disk part of this.
nightblade Guru
Joined: 20 Jul 2004 Posts: 368 Location: back from SE Asia
Posted: Fri Oct 08, 2004 8:58 am Post subject: Re: Extra Security Measures
Hello jasonpf,
jasonpf wrote:
Logging in via SSH would allow 3 attempts. After the 3rd failed attempt from the same subnet or 10 failed attempts from any address in a 24 hour period, the system goes into a special secure mode. That special mode requires:
1. A keyfile along with the standard password
2. After logging in with this keyfile and standard password, you would be dropped into a subroutine that asks one of several security questions and gives 10 seconds and 2 attempts to get it right.
I don't understand your point: if somebody fails 3 login attempts, definitely he/she doesn't know the right password. Dropping the system into such a "special mode" is more of a pain for you, who have to go through the keyfile and the security question thing, than for the attacker. The attacker could actually fail 3 logins on purpose, performing a very mild (but annoying) DoS against you, since you would have to use the keyfile and answer the question every time he/she "attacks".
Quote:
3. Upon failing that, the system shuts down all external access for 7 days and then goes back to its second state of alertness.
4. If the second state is failed once more, the system disconnects indefinitely and requires a special local login.
This sounds good. But again, be careful about what can lead to a DoS.
Quote:
5. If the local login fails twice, the discs are wiped using a secure wiping routine.
As long as you have an updated encrypted backup stored somewhere, of course!
Quote: Also, some sort of intrusion detection would need to be used and would immediately take the system to the 2nd alert state (which may include shutting down non-essential systems, like apache, bind, samba, etc. from which the intrusion may have taken place).
Again: what if I attack your system just to make you shut down your services?
Quote:
I'm not actually paranoid
Yes, you are... just kidding.
In any case, my advice is to be careful with any "active countermeasure" that could lead to a DoS against your legitimate users or even against you.
As a standard approach, I prefer protections that do not need to shut something down, but this is a personal opinion.
Anyway, what about:
1. Using certificates instead of (or in addition to) passwords? You would be safe against brute-forcing, without being exposed to the risk of being locked out yourself.
2. What about a delay between different login attempts? 5 (or 10, if you are paranoid) seconds of delay after any failed attempt is enough to keep away brute-forcers, without the need to shut anything down.
Just a few thoughts in a foggy morning.... where's my coffee?
_________________
In God we trust. All the others must provide a valid X.509 certificate
nephros Advocate
Joined: 07 Feb 2003 Posts: 2139 Location: Graz, Austria (Europe - no kangaroos.)
Posted: Fri Oct 08, 2004 11:12 am Post subject:
Have you considered throwing in port knocking as well?
(perhaps enabling it between 2. and 3. or even instead of 3.)
_________________
Please put [SOLVED] in your topic if you are a moron.