Kenneth E. Lussier said:
> Well, now, hold on there a minute, Ben.... There is something that has
> been completely missed here. Everyone keeps harping on the "Security
> holes big enough to drive a truck through" in BIND. Everyone keeps
> talking about how fixing BIND would require a complete rewrite, and no
> one wants to do that. Well, BIND *HAS* been completely rewritten. All of
> the security holes that are being found/announced are for either 4.x or
> 8.2. No one has even mentioned BIND v9, which is a complete rewrite, and
> was designed with security in mind this time around. I haven't dug too
> deeply into it, but just the fact that it has ipv6 capabilities, IPSec
> interop, NOCONNECT options, etc. etc. etc. tells me that someone out
> there is not only listening, but also acting on the various problems.
> None of the security holes that have been announced in the last 6+
> months are in BIND 9. A poor history is something to consider when
> choosing, sure. However, if a DNS server is properly configured, and if
> the network has been properly secured, then there really isn't anything
> to worry about. If we dismissed every service that has a history of
> problems, then we would have nothing. Let's see... We have to get rid of
> DHCP, NIS, NFS, etc., and we can't forget about the OS's. There goes
> Linux, Solaris, AIX, HP-UX, OSF, yadda yadda yadda......
>
> Kenny
>
Well said!
Listening to NPR this morning. They had a segment on social engineering for cracking.
You know, convincing someone to give you the info. Doesn't matter how good the
system is, if the cracker can convince someone to give him the info.
Remember: The only security is to remove the HD, encase it in concrete, seal it in
steel, and dump it down a volcano. All other security is a matter of risks.
jeff
-----------------------------------------------------------------------
Jeffry Smith Technical Sales Consultant Mission Critical Linux
[EMAIL PROTECTED] phone:603.930.9739 fax:978.446.9470
-----------------------------------------------------------------------
Thought for today: nyetwork /nyet'werk/ n. [from Russian `nyet' = no]
A network, when it is acting flaky or is down. Compare notwork.