Yes, ssh, if used *correctly*, can secure X. What I meant was that you shouldn't be running an X server on the machine. Takes up too much resources.
Ben Ploni
Those are some pretty bad habits you're espousing. Don't turn on ftp *ever* - use scp.
Enumerate whatever services you are sporadically turning on and off, and either decide that they are vulnerable, and never use them, or leave them on and tighten what you can.
For example, you already decided to leave ssh on. That's an example of the second option. To continue on that line, tighten ssh by making sure rhosts is off, root cannot log in directly, and blank passwords are disallowed.
An example of the first option would be disabling ftp for good, and learning how to use scp.
Ben Ploni
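An added example, not part of the original comment: a small audit of the three ssh settings named above (rhosts, direct root login, blank passwords) against the text of an sshd_config file. The function names and the sample config are constructed for illustration; treating an unset directive as a finding is a policy assumption, since defaults differ between sshd versions.

```python
# Added example: audit sshd_config text for the three settings the comment names.
# Function names and SAMPLE are constructed for illustration.

# OpenSSH directive (lowercased) -> values accepted as "tightened"
REQUIRED = {
    "ignorerhosts": {"yes"},          # rhosts off
    "permitrootlogin": {"no"},        # root cannot log in directly
    "permitemptypasswords": {"no"},   # blank passwords disallowed
}

def parse_global_directives(text):
    """Return {keyword: value} for directives before the first Match block.
    sshd uses the first value it sees for a keyword, so later repeats are ignored."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key = parts[0].lower()
        if key == "match":
            break  # settings inside Match blocks are conditional, not global
        seen.setdefault(key, parts[1].strip().strip('"').lower())
    return seen

def audit(text):
    """Return a list of (directive, offending value or 'unset')."""
    cfg = parse_global_directives(text)
    findings = []
    for key, safe in REQUIRED.items():
        value = cfg.get(key)
        if value is None:
            findings.append((key, "unset"))
        elif value not in safe:
            findings.append((key, value))
    return findings

# Constructed sample: the second PermitRootLogin line never takes effect, and
# PermitEmptyPasswords is only set conditionally inside a Match block.
SAMPLE = """\
Port 22
PermitRootLogin yes
IgnoreRhosts yes
PermitRootLogin no
Match User backup
    PermitEmptyPasswords no
"""

if __name__ == "__main__":
    for directive, value in audit(SAMPLE):
        print(f"{directive}: {value}")
```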
That's nice, but what if you *want* some services to be available to the outside world? Being able to ssh from anywhere into your home network is *handy*!
Ben Ploni
How fast do you think the CPU is in those SOHO Cable/DSL routers anyway?!?!? :-)
Ben Ploni
Go w/ the linux/bsd route. The SOHO hardware routers don't give you enough flexibility. They're getting better, but for a bit more, a cheapie linux box can do things like letting you ssh in.
Ben Ploni
Unfortunately, a lot of apps are hardcoded to bind to the "any" address. If that's the case you have two options:
1) Fix the code
2) Use ipchains to prevent a syn packet from coming in on the "wrong" interface to that port. It'll still show up as listening on that port in a "netstat -a", but no one can get to it.
Ben Ploni
I have a dsl line in my apartment. I have it connected to a dual NIC pentium 90 that is my ip-masq/firewall/dhcp server/samba/ssh/httpd server. That's right, a Pentium 90. Not as bad as a 486, but no great shakes. I VERY carefully bind vulnerable services to the inside NIC, and only have http and ssh available to the outside nic. ipchains rules do the masqing and firewalling.
The box has flawless uptimes, and speed is NOT an issue. It's very easy to saturate a cable or DSL line. CPU won't be your bottleneck.
Things to watch out for:
1) listening ports. Do a "netstat -a" and check for "*:anything... LISTEN". If you don't want it to be available to the outside world FIX it!
2) NO X. Duh.
3) understand ipchains. It's not hard, but not obvious either
4) don't forget about UDP.
Good luck,
Ben Ploni
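An added example, not part of the original comment: the "netstat -a" check from the list above as a script that flags sockets bound to the wildcard address, including UDP sockets, which never show a LISTEN state. It assumes the Linux net-tools column layout; the sample output, function names and the allow-list (ssh and http only, as in the comment) are constructed for illustration.

```python
# Added example: flag wildcard-bound sockets in "netstat -an" style output.
# Assumes net-tools columns: Proto Recv-Q Send-Q Local Foreign [State].

WILDCARD_HOSTS = {"*", "0.0.0.0", "::", "[::]"}

def wildcard_listeners(netstat_text):
    """Return [(proto, port)] for sockets reachable on every interface."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # header lines, unix sockets, blank lines
        proto = fields[0][:3]  # fold tcp6/udp6 into tcp/udp
        host, _, port = fields[3].rpartition(":")
        if host not in WILDCARD_HOSTS:
            continue  # bound to one specific address
        state = fields[5] if len(fields) > 5 else ""
        if proto == "tcp" and state != "LISTEN":
            continue
        # UDP has no LISTEN state: a wildcard-bound UDP socket is open as-is
        found.append((proto, port))
    return found

def unexpected(netstat_text, allowed):
    """Wildcard listeners that are not on the allow-list."""
    return [s for s in wildcard_listeners(netstat_text) if s not in allowed]

# Constructed sample output for a dual-NIC box with 192.168.1.1 as the inside NIC
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:139         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp        0      0 192.168.1.1:22          192.168.1.5:1034        ESTABLISHED
udp        0      0 0.0.0.0:137             0.0.0.0:*
udp        0      0 192.168.1.1:67          0.0.0.0:*
"""

ALLOWED = {("tcp", "22"), ("tcp", "80")}  # ssh and http only

if __name__ == "__main__":
    for proto, port in unexpected(SAMPLE, ALLOWED):
        print(f"bound to all interfaces: {proto}/{port}")
```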
Try the new Abit Athlon board. It has an onboard Highpoint 370 chip that does ATA100 and Hardware RAID.
Put two of these 80GB ATA100 drives on this mainboard and you'll clear 50-60 MB/s.
Can you say FAST????
You forgot to mention how Guido indented Larry's skull! :-)
Python is *sort* of a scripting language. The guy who wrote TCL tried once in a paper to define what is a scripting language, but it's still rather fuzzy.
Python can be used in place of shell scripting. It can also be used to write full blown GUI-based products. It has the scripting-like attribute of not requiring compilation, but that's counterbalanced by the fact that it *does* compile scripts into bytecode.
Also, Python is a flexible beast. For example there are currently two completely separate implementations of the Python language. One is written in C, and one is written in Java. The Java one compiles Python code into Java bytecodes for execution in a Java VM. That's right, you can write applets that run in a browser in Python. You can use Java classes in JPython and even subclass them.
Python does treat them differently. A tab is arbitrarily set equal to 8 spaces. However, it is hard to screw this up since compilation to bytecode will fail if it is inconsistent. Also, there are tools like tabnanny to watch out for things like this.
But it's a good idea for languages meant to be READ by humans!