On Thu, Feb 13, 2003 at 02:01:49PM -0500, Kent Borg wrote:
> > With all due respect, not only is that a very misguided attitude, it's a
> > dangerous one to promulgate.
> 
> First, a point of order: if you are sincere about the "with all due
> respect"-part, then don't suggest that I am a cracker.

"With all due respect", in this case, means what I said.  I accord the
respect due you, based on what I know.  In this case, I have a serious
question about either your understanding of security, or your motivations.
Nothing more, nothing less.

> I wrote a short post describing how to make and keep a Red Hat system
> secure.  I glossed over some details, but I still think it was pretty
> good, and damn specific, given how short it was.

And if every package is secure, and every package that SHOULD be
disabled IS disabled, and there are no bugs in the kernel networking
or core utilities, and there are no bugs in the configurations for a
half-dozen different, and often complicated, networking applications,
it should produce a secure system at the time you last audited everything
and before anything changes.

> You assert that it won't work.

Read what I posted.   I said that IF RedHat distributed a secure system,
and IF you didn't break anything, and IF you understand and reliably
execute all updates and changes, and IF the bad guys don't find a new
vulnerability before you do, and IF you fully understand the system and
how to maintain it, THEN it could work, for you.  BUT that even so, you
are in a more untenable and vulnerable position, in that you've given
yourself a very broad, diffuse range of applications and configurations
to defend.  (I also assume you don't have any untrusted or questionable
users on your system, who might change something of which you're unaware.)

AND I said that you're giving advice to newbies as if it's something
they should do, and that there's no advantage to a firewall.  This is
irresponsible and unrealistic.  Because I can't understand how anybody
who's really had to deal with security and incursion attempts could really
propose this approach, I posited that there is one class of individual who
would benefit from promulgation of such a "security" model.  If you're not
in that class, good.  Then you're forgiven; you just know not what you do
by suggesting this approach to newbies.

Running a well-configured firewall in addition to doing everything you
suggest is good security practice.  Suspenders and belts, defense in depth,
redundancy with differentiation, whatever buzz-phrase you want to use.
Running two firewalls, and putting only those systems to be exposed to the
'Net through the audited bastion firewall, is excellent security practice.
You get bonus points for not running your database on the same machine
as the Web server accessing it.

Relying on the infallibility of your software and administration as your
only defense is, to be blunt--and I have been in these posts, far more
than I usually am, because I'm quite worried that someone will believe
your approach--naive and dangerous.

> OK, be specific.  Reread what I posted.  Assume that such a RH 7.0
> system has been on the internet, maintained as I described, without
> a firewall, for the last two years.  Tell me how it got rooted during
> time.  Be specific.

Oh, please get real.  I'm not spending that kind of time on this;
I wouldn't have been drawn into this discussion if it was only your
system at risk.  It was your recommending this approach to others that
got me worried.

Maybe you, individually, are good enough to keep everything up-to-date and
tight.

Maybe you got lucky.

Or maybe you got rooted and never knew it.
-- 
        Dave Ihnat
        [EMAIL PROTECTED]



-- 
redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list