On Wed, Oct 25, 2000 at 02:12:12PM -0700, Scott Bronson wrote: > I take it you don't wear your seatbelt then? If your car is > properly configured and you drive it correctly, then the > seatbelt is just a needless discomfort. > > If ALL I did was remove read permissions from the config files, > that would be security through obscurity. Since I'm using this > as one step in a larger security plan, it is called prudence.
But what actually does it give you? It protects you from cracker-wannabies who see that if there is an 'X' line in your /etc/inetd.conf, then it's time to run exploit 'Y'. This gives you a false sense of security, unless you only want to protect from script-kiddies while neglecting other attackers. But since you say this is to be 'one step in a larger security plan', then I really don't understand what it gives. regards Marcin -- +--------------------------------+ The reason we come up with new versions |Marcin Owsiany | is not to fix bugs. It's the stupidest |[EMAIL PROTECTED]| reason to buy a new version +--------------------------------+ I ever heard. - Bill Gates
