Ask any security specialist person and they will tell you that "Paranoid is GOOD".
There is no reason to not be paranoid now a days. You never know who is watching your network or examining your systems. There are tons of tools for doing this available at various places around the internet. And as someone who was used in the past as a mail relay for a spammer, I am now VERY paranoid about system security. Matthew Soffen - Webmaster http://www.iso-ne.com/ ISO New England 1 Sullivan Road Holyoke, MA 01040-2841 (413) 535 8167 ============================================== Boss - "My boss says we need some eunuch programmers." Dilbert - "I think he means UNIX and I already know UNIX." Boss - "Well, if the company nurse comes by, tell her I said never mind." - Dilbert - ============================================== > ---------- > From: Chris Wertman[SMTP:[EMAIL PROTECTED] > Reply To: [EMAIL PROTECTED] > Sent: Wednesday, September 09, 1998 6:50 PM > To: [EMAIL PROTECTED] > Subject: Re: Even more RE: is there a problem definition > > Well......I have a question for all..........why is everyone > sooooooooooooooooo > PARANOID ????? Now yes, I know that hackers are in every broom > closet just > waiting to exploit any hole they can dig their claws into. But geeze , > personally > Im not hosting the files that will bring world armageddon on my > system. People > out there do still use telnet out there (alot...and with little or no > problems) I > use ssh , not because Im paranoid but because its good sound security > practice , > and Its a no brainer for any half baked Unix person to install and run > in about 5 > minutes. Some decent security is all we need here . not all of this > extreme > Overkill I seem to be sensing on the horizon . BUT it also needs to be > fairly > easy to set up , and would seem to me the more configurable it is > wether it be > through ssh or ssl would be enough to allow for both an easy and > moderatley > secure session and for those of you out there that have nightmares > about hackers > in your basement , be configurable enough to allow Any kind of > bleeding edge > security measures to be implemented. Everything can be hacked given > enough > effort, if youre that big of a target or what you host is sooooo > mission critical > , I cant belive you wouldnt die of sleep deprivation in a week from > fear of ANY > remote admin tool , including ssh or ssl. For the rest of us I think > not being > swiss cheese is Ok (as long as it leaves the flexibility to be turned > into near > bombproof should the need arise) ....While Im spewing worthless > opinions I think > being cross platform is cool , BUT 2 versions Identical in operation 1 > for the > Win32 Platforms and one for *nix would be Okay with me . Probably alot > easier to > code for 2 different platforms to begin with and make em do the same > thing , > because these are 2 very different OS'es . Things that are cake on one > can look > like a root canal on the other. And security hazzards present on One > platform are > not present or in different degrees on the other . > > Chris Wertman > > P.S. Gary, when I say paranoid Im not referring to you , just some > general > feeling Im getting from some of these guys , and after typing this > long winded > PUFF , Im too tired to cut and paste it into a new thread....:) > > Gary E. Bickford wrote: > > > Yes. > > The Object Consortium or whatever and Javasoft have worked out a > CORBA-RMI > > (IIOP-RMI?) interface, which in theory allows RMI to be carried over > not > > only IIOP but DCOM. > > > > Also, using an SSH (http://www.ssh.fi or http://www.datafellows.com) > or SSL > > tunnel http://www.c2.net) you can have your pick a port and forward > it from > > localhost to the server, encrypting and compressing it on the way. > SSH can > > be used on any port and any address (there are various configuration > vs. > > access options here), and its a good idea to use it instead of > telnet > > anyway for linemode access (You're still using telnet?!?!?!? Tsk!!) > It's > > free for unices. > > > > The SSL tunnel has the advantage of using an already-open port > (443), so > > that might be better. But I don't know of a freeware SSL tunnel. > > GEB > > > > At 2:54 PM -0500 9/9/98, Pfister, Robert \(MCI\) wrote: > > > Here is where Java has an interesting approach to > distributed > > >computing. A configuration tool built with Java could be > arbitrarily split > > >in half and implemented using RMI. Something like the following: > > > > > > Server objects: > > > > > > Configuration files > > >- read > > >- write > > > > > > Server > > >- start > > >- stop > > >- restart > > > > > > > > >The client simply has a GUI and use RMI (Remote method invocation) > to > > >read/write configuration files, and to start/stop the server. The > server > > >would need only minor configuration options, like the port to > listen on, and > > >how to authenticate client connections. > > > > > >It sounds like the only drawback is the RMI communications. RMI is > another > > >port through a firewall, and it isn't encrypted. > > > > > >What do you think? > > > > > >Robb > > > > Gary E. Bickford, [EMAIL PROTECTED] > > Sr. Systems Administrator, Connect Schlumberger > http://www.connect.slb.com > > >
