[NCLUG] Why not Root?
John L. Bass
jbass at dmsd.com
Sat Mar 17 15:23:16 MDT 2007
So, it frequently doesn't matter if the user is root or not, if the machine has
a determined attacker targeting it. Good practice is always use a hardware
firewall with reasonable settings to minimize external connectivity anyway.
John
Let me put it another way ... what are the attackers goals?
If it's personal, and they are out to compromise some confidential
information you hold, or destroy it, they do not need SUSER access
for their trojan.
If it's some spammer, they do not need SUSER access to setup a trojan
mailer or P2P server ... all that is just as effective running as a
normal user.
So, in short, the premise that you are somehow safe if you can prevent
the attacker from gaining SUSER access is basicly, flawed.
And, arguements which claim ROOT logins are somehow unsafe for a typical
desktop personal use machine based on security/exploits, equally flawed.
John
More information about the NCLUG
mailing list