I'm a Bering user, not a developer, but I too found the issues raised by Troy and Richard relevant and interesting. May I contribute some thoughts, even if they are more psychological than technical?

Troy wished for apt-get functionality. While I can understand the desire for automating the process, I'm not so sure it's that great an idea when it comes to security. To me it's analogous to Americans' desire for a simple little pill that will keep them thin and fit. In both cases, it seems to me the greater part of the value is in doing the work yourself. It seems it would only exacerbate Richard's search for proof that would reassure his boss. If Bering were updated automagically, and one began to rely on that, how long would it take for one to lose track of just what the state of Bering's protections was? Would you be more confident or less?

I think I'm more on Martin's side. A considerable advantage of Bering, as opposed to a full-function Linux distribution as a front-line defense, is the restriction on what is there. Supposing one did break in and achieve a console prompt, there is no compiler or tools there to assist one in going further and penetrating the internal network. That's not to say that it can't be done without them, but that it's harder, rather than simpler as with a full-featured distro, and probably beyond the capabilities of amateur "script-kiddies".

While watching the logs only reveals what was caught, and not what might have been able to sneak through undetected (perhaps because it was "invited in" by allowing some "browser helper" to install itself), examining and perhaps reporting to the boss on all the attacks which were detected and defeated does provide some measure of confidence.

It's important to recognize that even with Bering functioning at the border, an internal intrusion detector provides that final measure of confidence that what, if anything, comes through will be detected. Bering doesn't relieve one of this responsibility. And it is necessary on an internal network of significant size to protect itself from internal as well as external attacks.

Doing one's own maintenance and upgrades of Bering means one knows just what's there, and gives one the opportunity to examine its README, CHANGELOG, etc. If there is a flaw there, it is that the installer/sysadmin installing and maintaining Bering hasn't been publicizing just what Bering is in fact doing, and NOT doing, to protect the internal network. Management should be made aware and up to date on just what Bering is doing. No, I think since it involves security, automating Bering maintenance isn't necessarily a good idea for the network sponsors.

Paul Rogers ([EMAIL PROTECTED])
http://www.xprt.net/~pgrogers/
http://www.geocities.com/paulgrogers/
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)

------------------------------------------------------------------------
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
