From: Ben <be...@uk...> - 2004-05-05 12:02:02
|
Thanks for your help. I will look into stronger authentication on the web side of things. What about actual file system encryption? Has anyone implemented this? And if so, does it slow it down much? I've done a bit of reading up on it but apparently there is not much difference speed wise. Hopefully won't run into any other issues. Am in the middle of building another backup server and testing it so I'll post my results once it's finished. On Wed, 2004-05-05 at 07:51, Carl Wilhelm Soderstrom wrote: > On 05/04 11:40 , daniel.poelzleithner wrote: > > Carl Wilhelm Soderstrom wrote: > > > > | It still won't stop someone from brute-forcing user passwords via the web > > | interface; but hopefully will slow them down long enough for you to > > notice. > > > > I think there is a apache module against such attacks. > > this one, I belive: > http://freshmeat.net/projects/mod_dosevasive/ > > haven't tried it, but it looks interesting. > > > When you need security in your network, use kerberos. > > that's a debatable matter. it's certainly very good in some situations, but > is painful to set up; and in most situations may not offer much over other, > less-intensive measures. that's a debate for another forum tho. :) > > > Your Backup > > machine should not run any other services than a web server, backuppc > > and ssh (use keys, no passwords). > > I would suggest not to use apache, use a simple script based webserver > > which shouldn't be so easy to crack. > > any suggestions for which one? > I don't think thttpd supports CGIs; and I'm not familiar with any others. > > Carl Soderstrom. |