Nguyen Vu Hung wrote:
> How about vnc free edition if you don't need encryption?
>
Note that you can run VNC over an SSH connection to get encryption too.

> It does the same thing and some more cooler stuffs thanks to the GUI.
>
> Perhaps Andre will strongly disagree because he is a sysadmin and CUI
> fascinated.
>
Yes I am a sysadmin and CLI fascinated! ;-)

But that's not the main reason why I have to disagree with using VNC, or any other GUI, to manage a server.

My main point is that the more software you install, the more you risk facing some bug, so the more you put your server at a security risk. And installing a full GUI environment means bloating the disk and memory with lots of them (bugs)!

And if that wasn't convincing enough, just consider that using a CLI gives far more power to do things quickly and efficiently, especially when it's a true remote server, on a not-so-fast network path. Just see the time/menus/windows/clicks you need to create a user with a GUI, when that's only one command with the CLI...

And I would say exactly the same to people installing a development (programming) environment on their server, for example to be able to compile the applications they will use on it. Don't do that! Compile on another computer (cross-compile if required) and bring the generated binaries onto your server instead! This is for exactly the same reasons as above and one more: you would give intruders more chance to easily compile their own tools too.

For the record, there have been some cross-platform Apache worms (not GNU/Linux specific, but affecting GNU/Linux too), intruding through an SSL bug, that used gcc to compile and install themselves on web servers. They would never have succeeded like they did if there were not so many people installing "everything" on their servers! :-/

The best way to manage a server with a minimum of work while still getting good security (not high, but mostly good enough) is to:
- install the strict minimum of software on it (no GUI, no dev, ...);
- apply security updates very frequently (daily if possible);
- do frequent backups (daily if possible, with version history);
- secure access to it (especially by network filtering).

Here I put access security at the end because, if you really do the first two steps *correctly*, you are already protected against most major threats! A lot of web intrusions are only the consequence of sysadmins not doing security upgrades frequently, and not really because of intruders being so great...

--
Jean Christophe "????" ANDRÉ
Regional Technical Manager
Bureau Asie-Pacifique (BAP), http://www.asie-pacifique.auf.org/
Agence universitaire de la Francophonie (AuF), http://www.auf.org/
Postal address: AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam
Tel.: +84 4 9331108, Fax: +84 4 8247383, Mobile: +84 91 3248747
Personal note: please avoid sending me PowerPoint or Word files, see http://www.gnu.org/philosophy/no-word-attachments.fr.html
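
A small audit for the first point in the list above ("no GUI, no dev"), added here as an example and not part of the original message. It assumes Debian-style package names; the pattern lists and the function names `classify_pkg`, `audit_packages` and `sample_packages` are hypothetical and non-exhaustive.

```shell
#!/bin/sh
# Flag installed packages that contradict a "strict minimum" server:
# compiler toolchains (usable by an intruder to build tools on the host)
# and GUI/VNC stacks (extra code, extra bugs).

# classify_pkg NAME -> prints "dev", "gui", or nothing for anything else.
classify_pkg() {
    case "$1" in
        gcc|gcc-[0-9]*|g++|g++-[0-9]*|cpp|cpp-[0-9]*|clang|clang-[0-9]*|make|build-essential|*-dev)
            echo dev ;;
        xserver-*|xorg|x11-common|gnome-*|kde-*|xfce4*|lightdm|gdm3|*vnc*)
            echo gui ;;
    esac
}

# audit_packages: read one package name per line on stdin and print
# "category<TAB>name" for every flagged package.
audit_packages() {
    while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        pkg=${pkg%%:*}                 # drop an architecture suffix such as ":amd64"
        kind=$(classify_pkg "$pkg")
        if [ -n "$kind" ]; then
            printf '%s\t%s\n' "$kind" "$pkg"
        fi
    done
    return 0
}

# Constructed sample inventory (not taken from any real host).
sample_packages() {
    printf '%s\n' openssh-server apache2 gcc tightvncserver \
        libssl-dev:amd64 rsync xserver-xorg-core
}

# Demo run on the constructed sample. On a real Debian-like host, feed the
# installed package list instead:
#   dpkg-query -W -f='${Package}\n' | audit_packages
sample_packages | audit_packages
```

An empty result is the goal; anything listed is a candidate for removal or for a documented exception.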
