Hi Louie,
#define IFF "if and only if"
On Mon, 2003-09-15 at 16:26, Louie Miranda wrote:
> What crap?.. "telnet has no place in a secure network"? oh.. Pati ssh.
IFF I were a Sysad trusted to secure a network and an overall system, I
would NOT DARE allow ANY point of compromise on ANY of the hosts I am in
charge of. IFF I were to secure something, I would do it with a paranoid
mindset, and not let anything pass me by.
> Even remote shell (SSHd) tool can be compromised ;). Its a fact. In time may
ANYTHING CAN be compromised. It's just a matter of letting others
compromise hosts you control or hosts you have jurisdiction over.
Security is something that should not be taken lightly, because a lot of
things rest on the competency and integrity of the system and the
administrators -- like sensitive business information, and data CRUCIAL
to the operation of an institution.
We're not discounting the possibility of ANYTHING being compromised.
However, it wouldn't be wise to play with fire in a room full of rugs.
By allowing others to use an insecure tool, an insecure protocol, and an
insecure system, you are then exposing your whose system therefore
compromising the very integrity that is crucial on systems that need to
be secured. Letting others give away their password and commands IN
PLAIN TEXT on the local (or public) network is simply stupid.
That's the point being made, and since the ssh protocol has measures
guarding against these, you would sleep better at night as an
administrator IFF you care about exhausting the available means and
maximizing the security measures available to you as you setup and
operate with the system you are administering.
Even on your own box, if you don't care about people knowing what you
have on your box and possibly use it to mount attacks on others, then
fine go ahead and put all the insecure stuff you want in there.
Otherwise, you might as well take the measures you could and should to
be able to secure YOUR box, right?
> darating
> na exploit for it, we all know that.
>
At least we'll be prepared, and for now we'll be enjoying the security
being offered by the available technologies.
> Go all the way? You're just going to install it, bat naman "circumcision"?.
>
Lets say you install it. So kung inde mo gagamitin bakit mo ininstall?
What's the point?
> Kaya nga, secure ur network always, etc. Be wise sa security.. lahat nang
> topics about security..
>
Therefore, DON'T RUN ANYTHING INSECURE. If you don't believe that giving
away login passwords UNENCRYPTED over the network is INSECURE, then I
can't help you on that. :)
> IMO
Of course, IYO.
// All meant in good faith, and for the purpose of discussion only.
// No offense meant. SPAM and flames to [EMAIL PROTECTED]
> -
> Louie
>
Dean
--
-=[mikhail]=-
<info>
<alias>Dean Michael C. Berris</alias>
<contact>
<phone type=home>+63 49 5680142</phone>
<phone type=mobile>+63 919 8720686</phone>
</contact>
<web type="homepage">http://free.net.ph/Members/mikhailberis</web>
<web type="blog">http://mikhailberis.blogspot.com</web>
<misc id="yahoo_id">mikhailberis</misc>
<misc id="gpg key">08AE6EAC</misc>
</info>
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s:+ a--- C++ UL++ P+ L+++ E- W+ N* o K w--
O---- M- V-- PS+ PE Y+ PGP++ t+ 5 X+ R+ tv+ b++ DI+ D+
G e h! r+ y+
------END GEEK CODE BLOCK------
--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
