Mr. Greer, you state:

> Finally, I rarely run a service in the default manner and usually drop the
> privileges and jail it and the processes, not to mention underlying kernel
> modifications.

You certainly seem to be very confident of your ability to withstand attacks aiming to compromise your servers, not only from script kiddies but also from the more "determined" and "skilled" sort of attacker. I was wondering if you would be interested in sharing some of your tricks, if you may permit me to call them such, with the rest of us so we could share your confidence.

I guess what I am personally most interested in are the following:

* Which services beyond BIND do you chroot, how, and why?
* What sort of kernel modifications do you make? (Or am I misreading this?)
* Do you have any documentation, online or offline, that you would definitely point others to as a starting point for ensuring that their machines are secure?

Since your practices appear, at least in your writing, to go far and beyond what seems to be the norm in the industry, I figure asking you could not hurt.

(To the rest of [EMAIL PROTECTED], please feel free to supply your own answers to the above. Additional knowledge can't hurt, right?)

Thanks in advance to all.

Sincerely,
Chris Ess
System Administrator / CDTT (Certified Duct Tape Technician)