Incoming from Dave Wilson: > > I don't follow the security domain that closely, but I don't think linux > has had many recent remote OS access exploits, if any. I know that user
No there haven't been many, and they were fixed as fast as they were found. That still took some Debian servers down (remote kernel exploit), and Gentoo's servers were compromised (through not too close checking of the parentage of some packages, I understand). Gnu's servers took a very hard hit last year too. No backups, either. Oops. You can run a firewall on an old '386 headless box from a floppy, no hard drive. Don't run anything else on it. Open up only the ports you absolutely need to open up, log to another machine, and subscribe to one or the other security related mailing lists that all the distributions have. The SuSE security list was very good. So is Debian's. There are lots of good programs out there that will build your iptables rules for you interactively; fwbuilder, shorewall, etc. Don't ignore the inside. In a typical commercial setting, the users in your LAN can be just as much (or more) of a danger to your LAN than the big bad internet is. Replace telnet, remote shell, and ftp with ssh & putty. See distrowatch.com (?) and search for floppy based firewalls. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://www.spots.ab.ca/~keeling - - _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
