Re: [tlug] Introduction and defense of home webserver

[Kalin KOZHUHAROV <me.kalin@example.com>]

On Jun 14, 2015 6:21 PM, "Raymond Wan" <rwan.kyoto@example.com> wrote:
> A thief that breaks into your home and takes your tv is worrying.  A
> thief that breaks into your home and doesn't take anything is also a
> cause for concern!
>
A thief who installs a webcam in your bedroom?
A thief who installs spying equipment on your neighbour?
A thief that rents your house to say drug dealers while you are on vacation?

And you have no idea, but you'll have hard time explaining to the police anyway.

I will not attempt to classify all attackers, but "I have nothing of value" is not good defence on the Net. You have IP address (possibly not in any blacklist, yet), bandwidth (for launching DDoS attacks), a physical location (where SWAT teams can knock on). Getting a few random targets as jump points (in several layers, across countries) is almost a requirement these days.

And some attackers are just plain insane. They just feel good by making others feel bad, by exposing private data, wiping data or even blackmailing people to give access to their data back.

My idea about "staying ahead of script kiddies" is very simple indeed: any attacker has many targets and usually no preference; they get in more systems than possible to pilfer in their life, so if they cannot get into your server with automated easy tools, they just move on.
If you are targeted though (the modern APT acronym here), you stand almost no chance. Also, if you are p0wned once, chances are they've installed multiple backdoors and will keep coming or sell access...

Kalin.