[huskerlug] Re: CERT Advisory

My comment is more about people looking for "one" security measure,
"one" perfect OS, "one"... And simply there is no such thing. It's all
about risk management vs. functionality. Plus, never overlook any part,
because it's the simple exploits that get you most times.

I like dividing up tasks across lots of systems and having different
flavors of OSs and programs... Like a Novell file server to store the
files (ncpmount), a Linux system to front-end apps (Apache, PHP, etc.)
and a Solaris system as the back end (MySQL, etc.), all behind a
firewall with IP masquerading (NAT) and port forwarding. Try to give
each system non-root access to each other so if one piece is
compromised the entire setup isn't lost.

I've always thought that if they hacked my Apache server it wouldn't do
them much good: #1, only port 80 goes to that system; ssh and the like
go to a different system; the systems many times use different flavors
of Linux; and 80% share no passwds directly in common.

-----Original Message-----
From: huskerlug-bounce@xxxxxxxxxxxxx [mailto:huskerlug-bounce@xxxxxxxxxxxxx]
On Behalf Of Steve
Sent: Friday, August 15, 2003 5:14 PM
To: huskerlug@xxxxxxxxxxxxx
Subject: [huskerlug] Re: CERT Advisory


On Friday 15 August 2003 12:26 am, you wrote:
> Layered security is the only way. First cut off physical access, then

Agreed.  My suggestions were meant for host security only and not to be
all encompassing for the different layers of security required to
provide a reasonably secure environment.  After all, how much benefit is
there to hardening a host if you set it up on the street corner at
17th & Vine? :-)

--
Steve Bremer
RHCE,CCNA
--
Real Men don't make backups. They upload it via ftp and let the world
mirror it. -- Linus Torvalds
--
GnuPG Key fingerprint = 7F06 4D73 7963 BE96 5189  953A E285 CB2C BA03 2746
Available on key servers.



----
Husker Linux Users Group mailing list
To unsubscribe, send a message to huskerlug-request@xxxxxxxxxxxxx with a
subject of UNSUBSCRIBE

