At 09:45 PM 9/20/2001 -0500, Elaine -HFB- Ashton wrote:
>Dan Sugalski [[EMAIL PROTECTED]] quoth:
>*>
>*>If you go redhat (And I'd go and pay for the distribution), the very
>*>*first* thing you should do is connect up to redhat's support site and
>*>update everything. There isn't a redhat release (nor any other linux
>*>distro, AFAIK) that's really safe. Average compromise time for one on the
>*>net full-time's reported to be around 48 hours by some folks.
>
>Why haven't the linux distributors addressed this monstrous problem?
>OpenBSD and NetBSD both have far more reasonable and secure default
>installs and I would think it wouldn't be an extreme feat of effort to do
>the same for Linux...maybe I'm just guessing but users should really
>demand that. Wasn't there an NSA 'secure linux' distro somewhere?

Well, it's not just Linux--RedHat's not responsible for the set of security 
flaws that BIND had, for example. (Though the attitudes towards security 
are not always as paranoid as, for example, us VMS folks are comfortable 
with... :)

The biggest problem is that the CDs you get for the various OS 
distributions are fixed--once they're in the channel there's not much to be 
done about it, and any flaws in the code on those CDs will be found and 
exploited. The exploits are always more up to date than the CDs are, so no 
matter what OS you're running the first thing to do is apply any 
outstanding patches.

                                        Dan

--------------------------------------"it's like this"-------------------
Dan Sugalski                          even samurai
[EMAIL PROTECTED]                         have teddy bears and even
                                      teddy bears get drunk
