On Thu, 16 Aug 2001, Rafael 'Dido' Sevilla wrote:
> Personally, I think this is impossible. No system can be absolutely
> secure out of the box. Remember that every server deployed has a
> purpose, and without taking this purpose into account, you have many
> potential insecurities. Admittedly, Linux distro vendors could do a
> better job of making a more secure default install, but ultimately,
> there is no one-size-fits-all charm. Any serious system administrator
> installing a Linux box should examine each and every package he or she
> installs, to see whether it actually does have some place there. If
> not, remove it. At best, it's dead weight. At worst, it's a security
> risk.
Not every package, but every package that listens for connections on the
net.. Unless you want to open the possibility that one package may
actually be a trojan, which is quite praning already.
> I don't think it's an exaggeration to say that a lot of system
> security breaches occur because the administrator was ignorant of the
> aspect of the system that got exploited. Case in point: looks like
> the vast majority of the people who run W2K boxes affected by the Code
> Red worm were unaware that they were even running IIS on their box at
> all, at least until well after the problem started! You cannot secure
> what you do not understand.
What is that saying in CAT/CMT before? "Ignorance is no excuse for
non-compliance" A sysad is a sysad is a sysad, they must be aware of the
problems they face when administering NT. If they want to seat in the
captain's chair, be ready for a ship full of problems, known and unknown.
At the start it may be a walk in the park, with all the bells and whistles
of the NT system, but then again...
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
