Linux here
The gateway is only allowed for the ports I need
I use whitelists in the firewall for all servers
I run my own email server and it is whitelisted too as far as possible.
If I open the firewall for a day or so, the attack attempts gradually start as can be seen by "cat /var/log/secure* | grep ssh | more "
That shows where the attacks are coming from and the methods they are using, usernames and passwords they are trying etc.
It is just amazing. They hit the servers more than twice per minute sequentially trying passwords that may be english first names, then rotate through indian names etc. They rotate usernames through names that IT people must use commonly.
Apart from the security, it add wear on the hard drives, unless the firewall is silently blocking.
I just started trying NoScript on the firefoxes.
|