Thursday, November 26, 2015

Cracked!

Last week I discovered some open outgoing SSH sockets on my "hardened" Red Hat gateway machine.  A little more digging revealed a web server connected to those sockets, but I haven't yet been able to find the files being served.

I'll admit I had become complacent about updating the system, since it had been working with perfect performance.  Being lulled into a false sense of security is no excuse!

I haven't yet had the time to rebuild a hardened server from scratch (it is a ton of work), but the first two quick fixes I did were to disable httpd and to restrict ssh to only my internal NIC by adding a ListenAddress entry to /etc/ssh/ssh_config.
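The two things worth checking on a box like this are the outbound SSH connections described above (and which process owns them) and whether the ListenAddress restriction actually took effect, since ListenAddress is a directive read by the SSH daemon (sshd_config), and a daemon still bound to 0.0.0.0:22 is reachable from the outside NIC. The script below is an added example, not from the original post: it parses `ss -tnp` style output, with the two socket tables constructed inline so it runs offline, and flags established connections whose peer port is 22 plus any sshd listener bound to a wildcard address.

```shell
#!/usr/bin/env bash
# Added example: audit socket tables for outbound SSH and wildcard sshd binds.
# Input format is the column layout printed by `ss -tnp`:
#   State Recv-Q Send-Q Local:Port Peer:Port Process
# Both tables below are constructed sample data, not real captures.

# Constructed: a compromised-looking table. Line 3 is httpd holding an
# outbound connection to port 22 on a remote host; sshd listens on 0.0.0.0.
SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB  0      0      192.168.1.1:22      192.168.1.50:51234 users:(("sshd",pid=1234,fd=4))
ESTAB  0      0      203.0.113.7:43210   198.51.100.9:22    users:(("httpd",pid=2222,fd=9))
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=900,fd=3))
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*          users:(("httpd",pid=2000,fd=4))'

# Constructed: the same host after ListenAddress was set to the internal NIC.
RESTRICTED='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
LISTEN 0      128    192.168.1.1:22      0.0.0.0:*          users:(("sshd",pid=900,fd=3))'

# Print established connections whose *peer* port is 22, i.e. this machine
# acting as an SSH client. Field 5 is the peer address:port column; the header
# row is skipped because its first field is "State", not "ESTAB".
outbound_ssh() {
    awk '$1 == "ESTAB" && $5 ~ /:22$/'
}

# Exit 0 if sshd is listening on a wildcard address (IPv4 0.0.0.0 or IPv6 [::]),
# meaning a ListenAddress restriction is NOT in effect; exit 1 otherwise.
sshd_listens_on_wildcard() {
    awk '$1 == "LISTEN" && ($4 == "0.0.0.0:22" || $4 == "[::]:22") { found = 1 }
         END { exit !found }'
}

# Stand-alone usage against the constructed tables. On a live system replace
# the printf with:  ss -tnp | outbound_ssh
printf '%s\n' "$SAMPLE" | outbound_ssh
if printf '%s\n' "$SAMPLE" | sshd_listens_on_wildcard; then
    echo "sshd still bound to a wildcard address"
fi
if ! printf '%s\n' "$RESTRICTED" | sshd_listens_on_wildcard; then
    echo "sshd bound only to a specific address"
fi
```

Seeing a non-sshd process such as httpd on the client side of a port-22 connection is exactly the kind of finding described above, and the pid in the Process column is where to start looking for the files being served. Note that the wildcard check only covers the listener; a host firewall rule on the external interface is the usual second layer.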

However, I'm not much of a sysop or IT specialist, and I lack any real system hardening knowledge.  Most of what I did was to dumbly follow various "best security practices" advice from distro makers, government agencies, and security companies.

Clearly the crackers are way better at their game than I am at mine.

So I decided to look at what's available in security-focused routers and immediately stumbled upon the Turris Omnia Indiegogo campaign.  For US$209 (shipping included) I'll get a powerful OpenWrt-based gigabit router and a/b/g/n/ac MIMO access point that includes a monitored honeypot and automatic security updates from a highly-rated Czech provider.

Since the router won't ship until next spring I'll still have to (re)harden my Red Hat box, but after that I'll let the professionals provide my first line of defense.