True Pundit


Live Blog of Oversight Hearing on State Dept., Hillary Clinton’s Private Email Server Setup


On Sept. 13th, the House Oversight and Government Reform Committee heard testimony on the State Department’s record keeping from several witnesses, though not from Brian Pagliano, who ignored a Congressional subpoena to appear.

We live blogged the hearing on Twitter. Here is the recap.

-30-


  • Bob Bobbels

    Someone with no formal IT training, but plenty of experience, here 😉
    Every server in the world is being attacked frequently, with complete disregard of who owns it or what’s on it.
    That’s because the attacks are being done by bots. They just try a few standard ports and passwords and move on to the next one.

    So that’s really nothing special, and nobody is persecuting the attacks because you’d go fucking crazy doing it, and in 99,9% of the cases you’ll find some poor asshole’s home PC that was infected by some malware, or you’ll find another server that has some malware on it.

    And if you have a secure password on your server, and/or you use non-standard ports, you are practically secured against these kinds of attacks.

    So, I just wanted to get THAT out of the way. The rest of it is plenty bad on its own.

  • Diamanical Johnson

    Use of non-standard ports is no more than putting a few speed bumps in the path. Whether your server uses a standard port or one on a different #, when a connection attempt is made the service still identifies itself and behaves the same way. For a low priority target, security through obscurity is effective only to the point of keeping widely available crappy automated tools (like you mentioned) in the hands of wannabe hackers from being effective. When you are a high priority target, then multiple layers of security as well as a constant monitoring plan in place is a must: log scanning that detects abnormal activity, which is easy to do, and automated blacklisting of offending IPs. I held a top secret clearance in the Navy, I have >20 years experience in IT and a considerable knowledge of IT security, and I wouldn’t even consider myself knowledgeable enough to evaluate or recommend a security plan for protecting the data that they were flinging around unsecured and allowing people with no background in IT security to administer. Then again, I understood and care about the implications of exposing classified information.

  • Bob Bobbels

    If it’s just about password cracking, a good password and a script like fail2ban go a long way.
    All I was trying to say was that these numerous attacks don’t necessarily have to mean anything, because every server that’s accessible from the internet is subject to those. It doesn’t mean anyone targeted the server specifically.

  • Diamanical Johnson

    Of course, but there is absolutely no doubt that hers was targeted directly.