On Thu, Feb 6, 2014 at 1:08 PM, Levi Pearson <[email protected]> wrote:
> I know security is not easy, but if you're going to have a
> public-facing server, you really ought to take the time to figure it
> out. You'll spend less time doing that than you will cleaning up
> after you get hacked. And, as you just experienced, you *will* get
> hacked if you continue to rely on the Unix security model.

It's too bad that most people don't think about becoming security conscious themselves. The business models I've seen in the past are: who cares, contract it out, or rely on 3rd-party systems (e.g. App Engine). None of these help engineers and architects become more security conscious. It's pushing the accountability somewhere else (in the first case, on the floor).

I agree that learning about it is important. We've had PLUG meetings about SELinux and there are a bunch of introductions/tutorials on YouTube. I'm personally not a fan of SELinux, but knowing about any LSM will at least give you a leg up on the average engineer. Putting that on a resume will look good. I can only imagine it will become more important in the future.

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
