Re: Mac X-Server Security Questions...

From: Javier Blanque (javier_at_blanque.com.ar)
Date: 04/07/05

    Date: Thu, 7 Apr 2005 00:00:48 -0300
    To: "Brad Berson" <brad.berson@bytebrothers.org>
    
    

    I agree with you about securing by mixing platforms and adding layers
    of complexity (even if it complicates our existence).
    But I don't agree about everyone being the same thing, there are guys
    that are corporate "kids" more prone to add functionality to their
    systems, and people that think about security from the design. OpenBSD
    is not the same as Windows, I probably wouldn't install a Windows-based
    firewall for network protection of a corporation, but I could use
    OpenBSD for the task. Maybe there are good firewalls for Windows, but
    their task is more difficult because of the size of the OS
    (functionality and generations of work without security as a priority).
    Mac OS X is a secure OS, of course comparing it to the rest. Not as
    good as OpenBSD but better than Windows or Linux, still not without
    bugs; and we need to remember: a bad platform well administered is
    better than a good platform without care, from a security vision.
    Apple helps you with security matters more or less the same as other
    proprietary platforms, it always depends on knowing the right persons.
    The problem is reaching those persons.
    Best regards,
    Javier Blanque

    On 06/04/2005, at 23:07, Brad Berson wrote:

    > Thank you Javier, you gave me many good sources of information.
    >
    > Does Apple walk you through forensics if you think you're a zero-day
    > victim?
    >
    > Not much point arguing quantity or criticality - my suspicion is that
    > every OS and their respective increasing number of layered bits and
    > pieces have more or less as many holes, and it's just a matter of how
    > many people are willing to devote their time and energy finding them.
    > Unfortunately it seems like hackers with mischievous intent are very
    > energetic indeed. A rootable exploit on one OS is just as critical as
    > a rootable exploit on another, and being victim of a zero-day is costly
    > and alarming, be it public or otherwise.
    >
    > I think I'm encountering something of a conundrum now. Best security
    > practices dictate the use of multiple platforms to limit the extent of
    > hacking damage through diversity. But the same diversity results in
    > much more work necessary to track vulnerabilities and patches on those
    > extra platforms.
    >
    > -Brad
    >
