On Sunday 17 February 2008, Grant wrote:
> > What wasn't mentioned is that SSL covers transport encryption, not
> > necessarily application security. What that means is if you open IMAP,
> > SMTP, CUPS, and SSH daemons over the internet then you also need to keep
> > (better) track of security vulnerabilities found in those applications,
> > and fix them as needed. SSL alone won't help you there. Whereas if
> > you're only running, say OpenVPN over the Internet then that's the only
> > application you gotta look out for.
> >
> > Also, doing things such as running IMAP over SSL using accounts with
> > weak passwords doesn't gain you much either.
>
> Good points Albert. Is a daily 'emerge --sync && emerge -avDuN world'
> generally enough as far as tracking security vulnerabilities?

It will sure help. So will strong passwds, denyhosts, or fail2ban and equivalents, a well-configured IDS, etc. and close monitoring of the log files.

Let's be honest, a machine that runs services has the potential to get cracked one way or another. A well-configured machine has a disproportionately small probability of getting cracked compared with your average WinXP IT-illiterate user around the world. So, it's really a matter of how paranoid you would like to get about it.

-- 
Regards,
Mick