Hi all,
Have been following this thread with interest.
The way I understood the original post was that it's not necessarily about
making a box impossible to crack (impossible to do) but about making it as
difficult as possible to mess with if it does get compromised.
The best analogy is with anti-theft devices. It is impossible to prevent the
determined burglar from breaking in but there is a lot that you can do to
deter the opportunist.
With a system set up as described it would be a great deterrent to most
script kiddies running a few sploits they got from cDc or something (You
know the routine - ping sweep an IP range, nmap o/s fingerprint & portscan
any machines you find, then run your sploits against the best candidates).
The box would also likely be completely unusable for most automated sploits
(à la Lion Worm) which tend to rely on certain standard apps/utilities being
present.
Of course the fewer apps/utilities/daemons there are in a system the less
likelihood of one of them being compromised anyway.
I think the original idea is actually not a bad one. It could be useful as
part of an overall admin strategy - not a panacea in its own right.
My $0.02.
Best Regards
Earl

"Historians are like deaf people who go on answering questions that no one
has asked them."
Leo Tolstoy
***********************************
[[EMAIL PROTECTED]]
www.lindenhouse.co.uk
Tel: +44 (0)1223 834383 (Office)
     +44 (0)7812 179759 (Mobile)
***********************************
