IPFW How to protect

Every OS is the same. Do NOT use easily guessed user accounts. Do NOT use easily guessed passwords. Do NOT reuse passwords (using the same password for everything).

Most of the "hacks" these days happen because people use easily guessed passwords. There are literally hundreds (if not thousands) of bots scanning the internet every minute. They're continuously looking, prodding and trying those easy to guess accounts and passwords.
 
A way to create and remember good passwords: Use the initial characters/letters of an easy to remember sentence. E.g. "my mother's birthday is January, 13th" -> password: mmbiJ13th
 
Standard bot vector attacks are SQL injection and admin panels for things like WordPress, phpMyAdmin etc. If you have huge privileges for the database user they can quite easily run commands on your OS (PLSQL).

If you have unsecure SQL input on hosting like AWS you will get hacked within a week. If it's not an easy password, then it probably is not an OS hack.
 
Every OS is the same. Do NOT use easily guessed user accounts. Do NOT use easily guessed passwords. Do NOT reuse passwords (using the same password for everything).

Most of the "hacks" these days happen because people use easily guessed passwords. There are literally hundreds (if not thousands) of bots scanning the internet every minute. They're continuously looking, prodding and trying those easy to guess accounts and passwords.

Is MAC OS the same question?
 
My system was hacked and crashed
How to protect

Please step by step
First of all keep your software up to date, ipfw was vulnerable among others to CVE-2019-5614.

Stop all services you don't use, close all ports you don't need or make proper firewall rules to restrict access if possible.
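
An added example, not part of the thread: a small sh script that writes a default-deny, stateful ipfw(8) rules file along the lines of the advice above, plus a check that lists which ports the result leaves open to everyone. The management network (192.0.2.0/24, a documentation range), the port lists and the rule numbers are assumptions to replace with your own.

```shell
#!/bin/sh
# Added example: default-deny ipfw(8) ruleset for a single host.
# All values below are constructed placeholders, not taken from the thread.
MGMT_NET="${MGMT_NET-192.0.2.0/24}"   # only these hosts may reach SSH
SSH_PORT="${SSH_PORT-22}"
PUBLIC_TCP="${PUBLIC_TCP-80,443}"     # services you really run; empty = none

# Print the ruleset in rules-file form (ipfw commands without the leading "ipfw").
build_rules() {
    # Loopback is trusted; loopback addresses seen elsewhere are spoofed.
    echo "add 100 allow ip from any to any via lo0"
    echo "add 200 deny ip from any to 127.0.0.0/8"
    echo "add 300 deny ip from 127.0.0.0/8 to any"
    # Packets belonging to connections already in the state table.
    echo "add 1000 check-state"
    # Traffic this host starts itself creates state for the replies.
    echo "add 2000 allow tcp from me to any setup keep-state"
    echo "add 2100 allow udp from me to any keep-state"
    echo "add 2200 allow icmp from me to any keep-state"
    # SSH is reachable from the management network only.
    echo "add 3000 allow tcp from ${MGMT_NET} to me ${SSH_PORT} in setup keep-state"
    # Public services, if any.
    if [ -n "${PUBLIC_TCP}" ]; then
        echo "add 3100 allow tcp from any to me ${PUBLIC_TCP} in setup keep-state"
    fi
    # Everything else is dropped and logged.
    echo "add 65000 deny log ip from any to any"
}

# Read a ruleset on stdin and print the port list of every rule that
# accepts inbound traffic from "any" to this host ("me").
open_to_any() {
    awk '$1 == "add" && $3 == "allow" && $5 == "from" && $6 == "any" &&
         $7 == "to" && $8 == "me" { print $9 }'
}

build_rules
```

Check the generated file with `ipfw -n` and its absolute path before loading it, and make sure MGMT_NET covers the address you administer from, or the SSH rule will lock you out.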
 
My system was hacked and crashed
How to protect

Please step by step
A "real" firewall setup with a manageable switch, packet filter firewall-host, DMZ (de-militarized zone) & service host in the DMZ. On that host, run all services jailed or in VMs (bhyve(8)). Secure it with ipfw(8) (see /etc/rc.firewall) or pf(4) (beware pf is different...). Strictly speaking, some services (e.g. DB for a web application) should be on their own physical host, a VM is not enough. The packet filter firewall-host and the services host (inside the DMZ) must be physically separate machines (in any case). Physically separate the networks for management and ordinary traffic, some also have a dedicated machine (terminal) for network management. Install a virus scanner at least on the services host, integrate that into mail and web/FTP proxy. Best practice is to have a socks gateway/proxy, esp. if you need to access the internet e.g. with SSH. Consider one of the FreeBSD-based firewall "distros" for the packet filter.
 
Physical security is just as important. Social engineering is often the easiest way to gain access. Be careful who you give WIFI access, etc.
 