[Techtalk] DMZs, etc.
Raven, corporate courtesan
raven at oneeyedcrow.net
Wed Dec 12 00:43:39 EST 2001
Heya --
Quoth jhamilto at n2h2.com (Tue, Dec 11, 2001 at 11:05:07AM -0800):
> Security is made up of more that just 'is your box broken into?'. In
> fact, setting up a 'secure' system includes more factors that you may
> realize.
Yah, and I think that's one of the reasons why learning Unix
security is fairly difficult. To be really good at it, you have to have
a deep understanding of all the things you're securing. So you have to
know your system really well to know where it might be vulnerable. Lots
of folk seem to advocate teaching security first, but that's really hard
when you don't even know what it is you're supposed to be securing yet.
"Make sure no programs that don't need it have the setuid bit set" is
all well and good, but if you don't know what setuid is or does yet, or
what all these programs on your system are, how are you supposed to know
what needs it and what doesn't?
For me, it's been mostly an assembled process. Learn the
relevant protocol and daemons, then try to figure out ways to make it so
that it is less likely to be exploited. Y'all's mileage may vary, of
course.
Cheers,
Raven
More information about the Techtalk
mailing list