[NCLUG] Network configuration

Quent quent at pobox.com
Thu Oct 26 14:41:20 MDT 2000


It sure wasn't intended to be FUD!  It was based on direct knowledge
and experience.

FUD, opinion, truth? I am not into spreading FUD but certainly am prone
to spouting lots of opinion. In this case my use of the word "likely" was
not some claim to absolute truth.  It was an opinion of probability based
on 15 years of experience. Counter-examples always exist.

Don't get me wrong, I use Redhat at home and at work and like it just
fine!

That's an excellent point: "Security is a risk exposure minimization
process, not a destination."  Well put!

I think we're all preaching to the choir here :-)

	Quent

On Thu, Oct 26, 2000 at 08:28:10AM -0400, R P Herrold wrote:
> 
> > > A stock, non-firewalled, Redhat system is likely to be cracked within days
> > > of being connected to the Internet.
> 
> ... Simply FUD and opinion, unless you mean by 'stock,' "not
> patched with updates" -- I daresay _that_ is true about ANY
> mainline OS or distribution costing less than $30k.  Even
> OpenBSD running a FTPD pre July 2000 would be vulnerable.
> 
> Also untrue.  I am called in to new sites to take over admin
> when folks get out of their depth.  Often I cannot understand
> how they were NOT cracked -- Open old named, open portmapper,
> weak passwords, ancient sendmail, unsafe cron, all services
> wide open and not wrappered.  I have one in mind that was
> running an unpatched RH 5.0, and had been for years, with an
> international clientele of users which was uncompromised.
> 
> 
> That said, security is a risk exposure minimization process,
> not a destination.  The first thing I did to that system
> mentioned in the prior paragraph was turn off, remove,
> wrapper, and update. 
> 
> -- Russ
> 
> 