Dave,

Although I agree with most of what you've said, I contend that this sort of
practice is only one step above the practice of associating a custom
extension with ColdFusion so that your pages do not end with the usual
ColdFusion extensions. At least the former does prevent one very specific
type of attack, rather than just delaying the inevitable.

I do not agree, however, that partitioning should be encouraged under the
guise of enhanced security. Though perhaps "idealistic," :) I believe that
comprehensive security practices should be encouraged at all times, even to
the exclusion of practices that may be more simple to implement, though less
secure. The latter seems to encourage a false sense of safety. Perhaps, this
is because some system administrators hear "partitions are more secure" and
begin repeating that like a personal mantra without a true idea of the scope
of that security.

For instance, I saw a recent report that, though more secure on a default
install, Windows 2000 installations are actually hacked far more often than
new Windows NT 4 installations (proportionally). Now, of course, there could
be quite a few reasons that this is the case, including the fact that
Windows NT has been around a lot longer and therefore it is easier to find
"best practices" white papers and other information about how to lock down a
Windows NT 4 server.

However, none of the explanations seem to take into account the fact that
the same hole patched on a Windows NT 4 server is less likely to be patched
on a Windows 2000 server. Both holes were discovered at the same time and
published in the same manner on all the usual sites. I believe many system
administrators are lulled into that false sense of safety with Windows 2000.
Why so? I'm not sure. Perhaps they believe the marketing propaganda, or
perhaps, because Windows 2000 is far more easy to use and administer, they
are less likely to question security issues or come across them.

Anyway, though I think there are quite a few good reasons for partitioning
drives, I do not think partitioning should be actively encouraged for
security reasons. I would still like to know why Erika chose to partition
the drive and why those specific partitions were chosen. I think that would
better help us answer the original question. It may be academic and moot at
this point, since I'm sure the server is already up and running, but I am
curious. :)

Benjamin S. Rogers
Web Developer, c4.net
Voice: (508) 240-0051
Fax: (508) 240-0057


