Re: Linux Security

From: Robin Lynn Frank (rlfrank@paradigm-omega.com)
Date: 01/18/02


To: security-discuss@linuxsecurity.com, BUNTER MATTHEW <Matthew.Bunter@renaultvi.com>
Date: Fri, 18 Jan 2002 06:43:30 -0700
From: "Robin Lynn Frank" <rlfrank@paradigm-omega.com>

On Friday 18 January 2002 01:48, BUNTER MATTHEW wrote:
> --- Reçu de RVIDOI.BUNTERMA 04 72 96 57 77 18/01/02 09.48
>
> All,
>
> I am by no means an expert but from past experience, reading advice from
> far more experienced persons than myself and having to deal with budgets, I
> sincerely believe that Linux machines can be made secure enough to reduce
> the risk of compromise.
>
> This doesn't always involve 'sexy' security tools. Not having X, telnet,
> printing, or mail on a server that doesn't provide that service to a
> business goes a long way. Don't use a Mack Truck when all you need is a VW
> Beetle! Making sure sysadmins use tools like ssh (yes I know there have
> been issues), ensure no generic accounts, good password rules, sudo
> (ditto), processes for logging;, clearly defined roles and
> responsibilities, and the list goes on.
><snip>

I tend to agree. Since switching all our offices over to Linux last June, we
have been adhering to a policy that each box has what it needs and nothing
more. We have one exception at a remote office that runs solely on solar
power. There, due to power constraints, we have one box that must provide
both server and workstation functions. We monitor it very closely.

-- 
Robin Lynn Frank

Director of Operations Paradigm-Omega, LLC ============================================================ For security reasons, no attachments or HTML content will be accepted. ============================================================ Copyright © 2002. All rights reserved. Unauthorized reproduction or distribution is prohibited. ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.