GoFuckYourself.com - Adult Webmaster Forum
#1
Confirmed User
Industry Role:
Join Date: Jun 2004
Location: New York, NY
Posts: 6,890
How secure are your servers? Check this out...
We have installed a new verification system on our gateway server (the sole point of entry on our network).
Check this out: Each person who needs access is given a pager-like device. This device displays a 6-digit random sequence that changes EVERY 10 SECONDS. When you log in to the server, through SSH or SCP, you are prompted for your name as usual. Then instead of a password, you get: PASSCODE: which is a 4-digit PIN you choose + the 6 digits you see on the pager-thing. Then it asks you to wait until the numbers change (so max 10 seconds) and enter that sequence. If all is good, you get in. If not, you're stuck outside. This is awesome to me, as even if someone broke your code and the sequence (which is already next-to-impossible), they would then only have 10 seconds to get the next sequence. How secure are you??
__________________
Skype variuscr - Email varius AT gmail
#2
So Fucking Banned
Join Date: Aug 2003
Location: San Diego, CA
Posts: 5,464
what are you hiding?
#3
Confirmed User
Join Date: Feb 2004
Posts: 597
Yes, but does that secure you from a pissed-off employee? Or someone who doesn't enter that way?
__________________
IcooCash - DVD Content for your TGP | Cheap FreeBSD Virtual Hosting | ICQ me at 605104 for Custom PHP/MySQL Programming
#4
Confirmed User
Industry Role:
Join Date: Jun 2004
Location: New York, NY
Posts: 6,890
Quote:
#5
Confirmed User
Join Date: Mar 2002
Location: NY
Posts: 4,994
That prevents people from entering by guessing common passwords or otherwise discovering a password, since the passes would change every 10 seconds. However, most servers are broken into through improperly configured system daemons or by taking advantage of holes in software or the OS itself. That doesn't have anything to do with knowing or entering the password, so for those kinds of break-ins the system you implemented doesn't do anything to protect your servers.
#6
Confirmed User
Industry Role:
Join Date: Jun 2004
Location: New York, NY
Posts: 6,890
Quote:
Only myself, our SysAdmin and our CTO have access (and a pager-thingy). Aside from that... how else do you expect them to be able to enter by??
#7
Confirmed User
Join Date: Aug 2004
Location: unknown
Posts: 1,449
Quote:
It's called a SecurID, smart guy
__________________
"I felt victimized by the Ian Eisenbergs of the world" - Mary Burger
#8
Confirmed User
Join Date: Jun 2002
Location: austin, tx
Posts: 1,911
It's called a SecurID. I've been using one for 8 years now. 'Course, mine is an 8-char alpha passcode + 6-digit rotating PIN that changes every 60 seconds.
VERY handy... 'course, you all should be using ssh anyway, or scp at the least. ssh+SecurID is teh shit.
__________________
http://www.flickr.com/photos/zoddler/
#9
Confirmed User
Industry Role:
Join Date: Jun 2004
Location: New York, NY
Posts: 6,890
Quote:
Second, none of our servers have external IP addresses, so they cannot be reached. He would have to exploit our BigIP F5s, which is quite difficult to do.
#10
Confirmed User
Join Date: Jun 2003
Posts: 453
My bank uses this for online banking. Very cool system until you lose the fucking device and have to wait a month to get a new one.
#11
best designer on GFY
Join Date: Mar 2003
Location: IALIEN.COM - High Definition Video and Photographic Productions -ICQ 78943384
Posts: 30,307
Thats pretty fucken solid.
__________________
NAKED HOSTING FTW!11 I'm On The INSANE PLAN $9.95/mo! | The Alien Blog Adult News Worth Reading Updated Daily | Content For Sale! 641 PICS 216 MINUTES OF VIDEO $350.00 | ICQ: 78943384
#12
Confirmed User
Industry Role:
Join Date: Jun 2004
Location: New York, NY
Posts: 6,890
Quote:
However yes, you are right. It's still a nice system though.
#13
Confirmed User
Industry Role:
Join Date: Jun 2004
Location: New York, NY
Posts: 6,890
Quote:
#14
Confirmed User
Join Date: Jun 2002
Location: austin, tx
Posts: 1,911
Quote:
#15
Ryde or Die
Industry Role:
Join Date: Dec 2002
Location: California-Shanghai
Posts: 19,568
How much is this thing costing you?
#16
Die With Your Boots On
Join Date: Oct 2003
Location: Hawaii
Posts: 22,872
Quote:
#17
Confirmed User
Join Date: Mar 2004
Posts: 683
Quote:
If there's no physical security there's no security. If I wanted to 'hack' into a server all I would need is a screwdriver and a key to the building. Just keep that in mind.
#18
stc is the greatest
Join Date: Dec 2002
Location: rip sean murray
Posts: 12,403
SecurID is old school.
I even rap about it in some old songs. My dad used to have to use it to log on to Lockheed's IP network.
#19
Confirmed User
Join Date: Nov 2003
Location: Penguin vs Devil
Posts: 745
Overkill.
Hackers = holes, exploits, and poor configurations.
__________________
"Only the dead have seen the end of war." - Plato | "In the absence of orders, go find something and kill it." - Erwin Rommel | "A man's worth is no greater than the worth of his ambitions." - Marcus Aurelius
#20
Confirmed User
Join Date: Mar 2004
Posts: 683
Quote:
As for FreeBSD... I wouldn't count on your OS choice for protection. Especially because FreeBSD and Linux run mostly the same software. For example, if you're using Apache then Apache is Apache... it doesn't matter what operating system you're using. It mostly comes down to two things: 1) how the machine was configured and 2) are there any exploitable bugs in the code for any of the software that you're running. The only exception to the above is OpenBSD. It has a reputation for security because every single piece of software in the default install is audited to try and weed out exploitable bugs, and the guys behind it know their shit when it comes to security, so the default install is automatically configured to be lock-tight. However, if you install 3rd party software then that paradigm goes down the drain.
#21
Confirmed User
Industry Role:
Join Date: Jun 2004
Location: New York, NY
Posts: 6,890
Quote:
#22
Confirmed User
Industry Role:
Join Date: Jun 2004
Location: New York, NY
Posts: 6,890
Quote:
#23
Confirmed User
Industry Role:
Join Date: Jun 2004
Location: New York, NY
Posts: 6,890
Quote:
#24
Confirmed User
Industry Role:
Join Date: Jun 2004
Location: New York, NY
Posts: 6,890
Quote:
#25
Confirmed User
Join Date: Apr 2004
Posts: 2,225
Quote:
lol
#26
Confirmed User
Industry Role:
Join Date: Jun 2004
Location: New York, NY
Posts: 6,890
Quote:
We got our man Jeff to fit in there though... we only feed him once a week.
#27
Confirmed User
Industry Role:
Join Date: Mar 2004
Location: Location: Location:
Posts: 1,245
Yes, there are indeed ways around that.
And it's not new. That is basically the same method AOL has been using for their internal employees and everyone else on their LAN for many years now. There are a number of other businesses using PIN-based logins that are calculated on pager-like devices.
#28
Confirmed User
Join Date: Apr 2004
Posts: 2,225
Quote:
#29
i have man boobies
Join Date: Jul 2003
Location: van down by the river
Posts: 13,082
Who cares? If I beat the 4-digit code out of you and steal your pager, I'm in.
But why does burgerking really need all that security anyways?
__________________
333-765-551
#30
Confirmed User
Join Date: Mar 2004
Posts: 683
Quote:
Let's say you've got 5 web servers behind one load balancer, and they're all running the same version of Apache, configured the same way (that's a safe assumption in most cases), and I happen to know of an exploit that just might work on that version of Apache. I run my exploit, it goes through your load balancer to one of the 5 webservers, exploits the bug, and bam, I have a shell running as the httpd user (or whatever user Apache is running as) on that webserver. Sure, I've only cracked one of the 5 servers, but who cares? Now I poke around and see that the dumbass sysadmin that installed this box left an exploitable version of sendmail running even though it's not being used (it happens quite often). I exploit it and I have root. Now I own your webserver. Sure, if I log out I lose the exploited one, but I can still grab sensitive information while I'm there, and I can always re-run the exploit later on and get another server. The load balancer is not an issue here at all: it passes everything through port 80 to one of the 5 servers; it doesn't care what's being passed through. Unless I'm missing something.
#31
Confirmed User
Join Date: Nov 2001
Location: Las Vegas, Nevada
Posts: 734
Quote:
#32
Confirmed User
Join Date: Oct 2002
Posts: 826
Yep, this key thing is good if you're a newbie and wanna get root access to a box. Trust me... no real Ha0ker will ever use the normal port 22 to get in.
The real deal is a TCP wrapper that only allows your own IP in, or only allows physical onsite access to the server. Close all fucking useless ports. That's way more secure than any other rotating beeper crap.... my 2 cents.
#33
Confirmed User
Industry Role:
Join Date: Mar 2004
Location: Location: Location:
Posts: 1,245
Basically no network is bulletproof from break-ins. If there is a will there IS a way.
SIDs are bullshit. Not really a big help, as there are many ways around it. It's kind of like when MS or someone released the new keyboards with fingerprint identification: within the day, at the same convention, someone showed a very easy way to exploit it.... dust, tape, and a clean drinking glass.
#34
Confirmed User
Join Date: Aug 2002
Posts: 5,235
pagers listen to a radio signal and so can anyone else
#35
Confirmed User
Industry Role:
Join Date: Jun 2004
Location: New York, NY
Posts: 6,890
Quote:
The only system I still work with is our NetApps. Maybe I should stop replying now since you guys know more about the security/exploits stuff than I.
#36
Confirmed User
Industry Role:
Join Date: Jun 2004
Location: New York, NY
Posts: 6,890
Quote:
#37
Confirmed User
Join Date: Jun 2002
Location: austin, tx
Posts: 1,911
Quote:
#38
Confirmed User
Join Date: Jun 2002
Location: austin, tx
Posts: 1,911
Quote:
#39
Confirmed User
Join Date: Sep 2003
Location: p0rn0stars & h0es
Posts: 2,931
It's called a keyfob.
__________________
ICQ#: 153923840
#40
stc is the greatest
Join Date: Dec 2002
Location: rip sean murray
Posts: 12,403
Quote:
#41
Confirmed User
Join Date: Dec 2003
Location: canada
Posts: 170
I'm secure in who I am.
__________________
love da biz
#42
Confirmed User
Industry Role:
Join Date: Jun 2004
Location: New York, NY
Posts: 6,890
Quote:
You'll get mad honeys that way hehe
#43
Confirmed User
Join Date: Aug 2002
Posts: 5,235
I got to wonder, how often do the "pager like device" and the system you are protecting have to be "synced" so that they are using the same numbers?
#44
Confirmed User
Join Date: Jun 2002
Location: austin, tx
Posts: 1,911
Quote:
Note that you can set it up such that if you fat-finger the passcode a certain number of times, it gets locked. Ours is set to 3...
__________________
http://www.flickr.com/photos/zoddler/ |
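Added example (an editor's illustration, not code from the thread, from RSA or from any poster): the login flow from post #1 (PASSCODE = PIN + tokencode, then the code shown after the token rolls over), the clock-sync question from post #43 and the three-strikes lockout from post #44, written out as a small Python verifier. The real SecurID tokencode algorithm is proprietary and is not reproduced here; the open RFC 4226/6238 HMAC-SHA1 construction stands in for it, with the 10-second step from post #1. The one-step drift window, the `TokenUser` and `Gateway` names, the seed and the PIN are all assumptions made for the example.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 10   # code lifetime from post #1 (RSA tokens usually use 60)
CODE_DIGITS = 6
PIN_DIGITS = 4
DRIFT_STEPS = 1     # also accept the previous/next step to absorb clock drift (assumption)
MAX_FAILURES = 3    # lock the account after three bad attempts (post #44)


def token_code(seed: bytes, counter: int) -> str:
    """Code the token shows for time step `counter` (RFC 4226 truncation).

    Assumption: the real SecurID algorithm is proprietary; the open
    HMAC-SHA1 construction stands in for it here."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)


def token_display(seed: bytes, now: float) -> str:
    """What the user reads off the token at wall-clock time `now`."""
    return token_code(seed, int(now // STEP_SECONDS))


class TokenUser:
    """Server-side record: PIN, token seed, failure count and replay guard."""

    def __init__(self, pin: str, seed: bytes):
        self.pin = pin
        self.seed = seed
        self.failures = 0
        self.locked = False
        self.last_counter = -1   # highest time step already consumed


class Gateway:
    """Models the gateway prompt: PASSCODE (PIN + code), then the next code."""

    def __init__(self, users: dict):
        self.users = users

    def _fail(self, user: TokenUser, reason: str):
        user.failures += 1
        if user.failures >= MAX_FAILURES:
            user.locked = True
            return False, "locked"
        return False, reason

    def login(self, name: str, passcode: str, next_code: str, now: float):
        user = self.users.get(name)
        if user is None or user.locked:
            return False, "locked"   # same answer for unknown and locked names
        if not (passcode.isascii() and passcode.isdigit()
                and len(passcode) == PIN_DIGITS + CODE_DIGITS):
            return self._fail(user, "bad passcode")
        pin, code = passcode[:PIN_DIGITS], passcode[PIN_DIGITS:]

        # Step 1: PIN plus a code from any step inside the drift window, but
        # never a step at or before one already used (no replay of a sniffed code).
        step = int(now // STEP_SECONDS)
        matched = None
        for c in range(step - DRIFT_STEPS, step + DRIFT_STEPS + 1):
            if c > user.last_counter and hmac.compare_digest(token_code(user.seed, c), code):
                matched = c
                break
        pin_ok = hmac.compare_digest(user.pin, pin)
        if matched is None or not pin_ok:
            return self._fail(user, "bad passcode")

        # Step 2: the code shown after the token rolls over. Only the token
        # holder can answer; a first code that leaked is useless once it expires.
        if not (next_code.isascii() and next_code.isdigit()) or not hmac.compare_digest(
                token_code(user.seed, matched + 1), next_code):
            return self._fail(user, "bad next code")

        user.failures = 0
        user.last_counter = matched + 1
        return True, "ok"


if __name__ == "__main__":
    # Constructed demo data: a made-up seed and PIN for a made-up user.
    seed = b"12345678901234567890"
    gw = Gateway({"varius": TokenUser(pin="4242", seed=seed)})
    now = 1_000_000.0
    first = token_display(seed, now)                     # what the token shows now
    second = token_display(seed, now + STEP_SECONDS)     # what it shows after rollover
    print("PASSCODE:", "4242" + first, "->", gw.login("varius", "4242" + first, second, now))
    print("replay:  ", gw.login("varius", "4242" + first, second, now))
```

Two details are worth noticing. The "enter the next code" step is what makes a shoulder-surfed or sniffed passcode worthless: the attacker needs the token in hand, not one observation of it. The replay guard (`last_counter`) and the failure counter close the two holes a plain OTP check leaves open, re-using a code inside its window and guessing six digits at scale; the drift window is the server-side answer to post #43, since a token's clock that has wandered by a step still works without a resync.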
#45
Confirmed User
Join Date: Aug 2002
Posts: 5,235
I figured it would have batteries or something,
thus a need for a resync.
#46
Too lazy to set a custom title
Industry Role:
Join Date: Aug 2002
Posts: 55,372
Quote:
It's just lazy admins not doing their job right. Even if you have a managed server, sometimes they don't know what they are doing.
__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff