Reflecting on recent posts re allowing root login (related, but I didn't want to steal the thread), I'm wondering about a home network and what to bother with. There's a touch of devil's advocate in this but the concept that physical access == root access causes one to wonder.
If I have two boxes, with two users, linked by ethernet and one box is on dial-up to the ISP, with nothing listening on external ports except the ntp daemon, what is a reasonable stance on security? Given that anyone who breaks into the house will have physical access to the consoles anyway, do I need a whiz-bang long root password, strong passwords on the regular uses, and all the other hypervigalance? If ssh isn't even listening on external interfaces, does it matter if I allow root to ssh (useful for rsyncing backups between the boxes)? Why bother to rsync instead of just nfs mounting the backup repository? If I need to run a backup, other than it being 'proper', why not just login as root instead of myself and su? Note that I am _not_ suggesting that I just do everything as root; then I loose the protection from myself. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
