On 15/6/02 10:59, "Ben Reser" <[EMAIL PROTECTED]> wrote:

> On Sat, Jun 15, 2002 at 10:20:25AM +0200, Jeroen Diederen wrote:
>> Is there anybody who has experience with Mandrake-ppc based boxes used as a
>> network server? Is it possible to configure all of the server services with
>> Webmin, the web-based program? If it is so, it would be a versatile method
>> to administer a network server. By services I mean (firewall, routing, FTP,
>> mail, proxy, print etc). Can someone please respond to this? I think there
>> is a great need in the world for documentation on this. As I am aware that
>> ppc-based linux boxes are less vulnerable to hackers, it would be a great
>> thing to use them as portals for a network. The thing is, that if people
>> really want to use Linuxppc (or even better Mandrake-ppc) based boxes, it
>> has to be simple to configure them, without having to dig into command lines too
>> deeply. What is your opinion?
> 
> This assertion that ppc boxes are less vulnerable to hackers is like
> saying that the person who drives a Mercedes is less likely to be in an
> accident.  Sure there are fewer Mercedes on the road.  But I'm sure that
> they have reasonably similar issues with getting in accidents.  The
> parallel works here because in many cases getting hacked is just that, an
> accident.  The hacker happens upon you by accident or you make a mistake
> in your configuration.  Nobody intends on getting hacked any more so
> than anyone intending to get in a car accident.
> 
> I'd go so far as to say that the vast majority of successful attacks
> against boxes on the net are the result of poor configuration.  Not
> buffer overflows or other attacks that allow the attacker to carefully
> craft data that has machine code hidden in it.
> 
> The only advantage PPC has at this point is that some attacks don't work
> off the shelf.  However, if everyone runs out and puts up a PPC box it
> won't be long until the machine code for these exploits to work on PPC
> starts popping up everywhere.  And don't kid yourself into thinking that
> some of this code doesn't already exist because I've seen it.
> 
> At best the PPC architecture gives you some obscurity but by no means
> can you say it is less vulnerable to hackers.  Running Mandrake on PPC
> means you're running almost exactly the same code on your machine as the
> people running X86, with perhaps some small changes and of course
> different drivers for the PPC hardware.
> 
> By posting such assertions to this mailing list you are doing a great
> disservice to less educated folks who may not understand the details of
> how these things work.
> 
> What's particularly ironic about your post is that you're obviously
> concerned about security, yet are desiring to use webmin to make
> configuring "easy."  Such ease of use is often times the worst enemy of
> security.  And webmin has a pretty bad track record regarding security,
> including some issues that don't require machine code and would
> eliminate the supposed security advantage you presume to exist.
> 
> As a result of webmin's history I specifically don't install it on my
> machines.  So I can't help you with it.
> 
> One last thing.  I'm not picking on you in particular.  You aren't the
> first to mention this issue.  But I really don't think people should be
> allowed to be misinformed.  As the assertion seems to be becoming more
> common I feel that it's time to speak up about it.

Thanks for your long and clear email message. So basically what you say is
that there is no easy way out in configuring the box, if you want to be
secure? How did you set up a network then anyway? In the command line or
do you have some other kind of trick? You are probably right on the webmin,
but I know for example that webmin can also be run in a state that only the
local user can have access to it (127.0.0.1). But maybe that can also be
passed...I don't know. Can you say something about the missing wizdrake in
the ppc architecture and the package that might be a substitute to that ?
------------------------------------------
Best regards,

Jeroen Diederen
http://diederen.demon.nl

