On 29 Nov 2005, at 12:48pm, Bruno Schaeffer wrote:
I am running a Mac OS X Tiger Server and I am increasingly
observing attacks trying to log in via SSH and guessing user ids
and passwords. The server is only accessible via SSH from the
Internet and only two user ids whose passwords are well chosen can
log in via SSH. Nevertheless, I would like to limit those attacks
since they also consume quite some resources, esp. bandwidth. What
are you practicing or suggesting? I am using the firewall which is
included with Mac OS X.
While you're seeing attacks, that /is/ all you're seeing. As long as
your passwords are well-chosen (e.g. include upper case, lower case,
and digits) they're unlikely to be able to get in. Oh, and the other
'obvious' thing is to keep up-to-date on all Software Updater fixes,
since they often incorporate security fixes.
While I support paranoia in the case of important boxes, true
paranoid is a handicap.
P.S.: Is there any literature/links on how to improve the security
of a Mac OS X Server?
A huge amount, but most of it is pointless unless you're going to be
subject to intentional concentrated attacks determined to break into
your box specifically. This one
