Linux Security

From: BUNTER MATTHEW (Matthew.Bunter@renaultvi.com)
Date: 01/18/02


Date: Fri, 18 Jan 2002 09:48 +0100
From: BUNTER MATTHEW <Matthew.Bunter@renaultvi.com>
To: security-discuss@linuxsecurity.com


--- Reçu de RVIDOI.BUNTERMA 04 72 96 57 77 18/01/02 09.48

All,

I am by no means an expert but from past experience, reading advice from far
more experienced persons than myself and having to deal with budgets, I
sincerely believe that Linux machines can be made secure enough to reduce the
risk of compromise.

This doesn't always involve 'sexy' security tools. Not having X, telnet,
printing, or mail on a server that doesn't provide that service to a business
goes a long way. Don't use a Mack Truck when all you need is a VW
Beetle! Making sure sysadmins use tools like ssh (yes I know there have been
issues), ensure no generic accounts, good password rules, sudo (ditto),
processes for logging;, clearly defined roles and responsibilities, and the
list goes on.

As Bruce Schneier writes : Security is about processes not technology

The stuff above doesn't usually cost money. It necessitates a change in
working practices but reduces risk and can be a good selling point for ISPs,
web-hosting, business with partners.

Rant over.

I think the disclosure of security issues is a VERY good thing. Everyone of
these issues identifed means that people are looking, fixing, working like the
Linux community can and the closed source community can't. Show customers how
fast a fix is released then show them the confidentiality contracts Microsoft
want security companies to sign. Linux has a way to go (for the desktop) but
it is winning.

Regards,

Matt

------------------------------------------------------------------------------

Date: Thu, 17 Jan 2002 19:48:38 -0500
Subject: Linux Security

Dave,

I have been wondering the same thing about Linux security. I have one Linux
desktop, Linux laptop, Linux firewall and Linux server (EnGarde) and it seems
I am patching at least one everyday. Is it because Linux has security
problems, or are users and vendors finally taking security serious? Has Linux
moved beyond the toy of its start, to a worthy OS and now we are seeing real
security threat against Linux? I think the smugness of no Linux viruses is
over. Time to expect and plan for the worst. Our OS of choice is maturing and
gaining popularity, so we will become targets too.

Just my 2 cents.

--
Best Regards, Bruce
Bruce E. Harris <beharri@speakeasy.net>
http://www.harrisherd.com
"They that can give up essential liberty to obtain a little
temporary safety deserve neither liberty nor safety." -- Benjamin Franklin
------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.

---- 18/01/02 09.48 ---- Envoyé à --------------------------------------- -> security-discuss(a)linuxsecurity.com ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.