Friday, March 25, 2005

The Value of a Home Server

I run a server in my house, which handles my and my family's (and some friends') email, web services and a few other things. It's a moderately fast system, but it's on a fast always-on connection and it has a lot of disk space, so it's a frequent target for people looking for a way in. It's not particularly valuable in any monetary sense, but if someone is getting its use for free, it acquires value simply because the value of the use of the resource exceeds the effort required to get it.

Since I do computer security for a living, and since I had locked down the box, no one had gotten into it in a couple of years (since I locked it down, in fact). Ah, complacency...

Last Monday someone guessed a bad password on one of the user accounts, and rootkitted my server. I discovered the intrusion in about 90 minutes, and they didn't manage to actually get anything of value. However, they did manage to have control of my box, and had installed a sniffer and lots of other stuff, so I had to rebuild my system to be sure it was clean.

Lessons learned:

1) Don't get complacent. Pay attention to who's trying to get into the box. You never know when they might succeed.
2) Take action. In my case, I now have a script looking for bad login attempts and some other things. If I can't explain the attempt, I put the IP into /etc/sysconfig/iptables and restart the iptables service immediately. Within a day at most of an unauthorized attempt on my system from some address, that address is burned for attacking it, because its packets are simply dropped.
3) Even if you've secured the outside of the box, secure the inside, too. Rootkits can get you if you have a vulnerability in your kernel or in your system generally, as long as someone can get onto the box. The key is to defend in depth.
4) When you back up files you want to save, don't forget part of the database. (No, really, how dumb can I get?)
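
As an added example (not the author's script, which the post does not show), here is a small POSIX shell pipeline doing what lesson 2 describes: count failed sshd password attempts per source address in auth-log lines and emit the DROP rules to append to /etc/sysconfig/iptables before restarting the service. The log lines are constructed, the addresses come from documentation ranges, and the threshold is an assumption.

```shell
#!/bin/sh
# Added example, not the post author's script. Scans sshd auth-log lines for
# failed password attempts, counts them per source IP, and prints the
# iptables rules to add for any address at or over an assumed threshold.

# Constructed sample log lines in sshd's syslog format; the addresses are from
# the 203.0.113.0/24 and 192.0.2.0/24 documentation ranges, not real hosts.
SAMPLE_LOG='Mar 21 03:12:01 home sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 4410 ssh2
Mar 21 03:12:04 home sshd[2203]: Failed password for invalid user test from 203.0.113.5 port 4412 ssh2
Mar 21 03:12:09 home sshd[2205]: Failed password for root from 203.0.113.5 port 4415 ssh2
Mar 21 03:15:40 home sshd[2210]: Accepted password for alice from 192.0.2.10 port 5001 ssh2
Mar 21 03:16:02 home sshd[2212]: Failed password for alice from 192.0.2.10 port 5002 ssh2'

# Assumed threshold: an address with this many failures is treated as an attack.
# A single typo by a legitimate user (alice above) stays under it.
THRESHOLD=3

# failed_counts: read log lines on stdin, print "count ip" for each source
# address that produced at least one "Failed password" line.
failed_counts() {
    grep 'Failed password' \
        | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
        | sort | uniq -c \
        | awk '{print $1, $2}'
}

# offenders: read log lines on stdin, print only the addresses whose failure
# count meets the threshold.
offenders() {
    failed_counts | awk -v t="$THRESHOLD" '$1 >= t {print $2}'
}

# drop_rules: read log lines on stdin, print one iptables-save style rule per
# offender, in the form that goes into /etc/sysconfig/iptables. Applying it
# still needs the author's step of restarting the iptables service.
drop_rules() {
    offenders | while read -r ip; do
        printf '%s\n' "-A INPUT -s $ip -j DROP"
    done
}

# Run over the constructed sample: prints a single rule for 203.0.113.5.
printf '%s\n' "$SAMPLE_LOG" | drop_rules
```

Before appending the output to the real rule file, a practitioner would also skip addresses they own, so a mistyped password of their own does not lock them out.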

In other words, I didn't learn anything, but I am now remembering to apply the same things at home that I do for my clients.