HOWTO: Security
Kurt Roeckx
kurt at roeckx.be
Tue May 24 21:45:39 UTC 2016
On Tue, May 24, 2016 at 02:38:23PM -0700, Gary E. Miller wrote:
> Yo Eric!
>
> On Tue, 24 May 2016 17:33:06 -0400
> "Eric S. Raymond" <esr at thyrsus.com> wrote:
>
> > Hal Murray <hmurray at megapathdsl.net>:
> > >
> > > esr at thyrsus.com said:
> > > > See my reply to Gary and your text about NATs and firewalls.
> > > > Nobody has convinced me that this procedure *isn't* taking
> > > > security seriously, nor will they until I understand how any
> > > > machine other than the one I port-forward to is visible to
> > > > outsiders.
> > >
> > > Your mention of port-forward assumes you are behind a NAT box.
> > > That's not true in all setups.
> >
> > Would it suffice to say "Never put a Pi on an un-NATted address until
> > you have removed the default account?"
>
> Most people's NATs leak a lot. Or they have IPv6 end around.
>
> Just change the password, to a good one, the FIRST step.

Can I just suggest that you don't allow password-based logins over
the network?

Kurt