At 02:56 PM 9/22/99 +0200, Stephan Lauffer wrote:
Maybe - if you're the sysadmin of a server, you must check and modify the system in any case. A "normal user" instead normally does not have an internet connection 24h a day and also no static IP address. So it's not very important, if the security-level of the system is not very high.
I would contest this. In the US, at least, 24h/static is becoming a fairly common beast, with the proliferation of Cable Modems and xDSL. Considering that the "power user" is the one most likely to go for those connection options, and the "power user" is also the one most likely to be running Linux, there's a correlation there that should not be overlooked.
... because "power user" != "knowledgeable system administrator"
D
Dear Derek Balling, concerning your mail sent on Wed, 22 Sep 1999 let me reply the following:
I would contest this. In the US, at least, 24h/static is becoming a fairly common beast, with the proliferation of Cable Modems and xDSL. Considering that the "power user" is the one most likely to go for those connection options, and the "power user" is also the one most likely to be running Linux, there's a correlation there that should not be overlooked.
... because "power user" != "knowledgeable system administrator"
D
24/ in the net - then you _have_ to learn as much as possible about securing your box. But, on the other hand, it would be easier if a standard installation would not enable inetd by default. That would reduce the danger of a break-in.
Martin
At 03:34 PM 9/22/99 +0200, you wrote:
24/ in the net - then you _have_ to learn as much as possible about securing your box. But, on the other hand, it would be easier if a standard installation would not enable inetd by default. That would reduce the danger of a break-in.
I agree, wholeheartedly, that people should have to learn everything they can if they're hooking up a box 24x7x365. BUT, on the same token, where it is easily achievable, the OS should come "out of the box" fairly secure (allowing the user to connect his machine to the net without much fear "out of the box", and then install patches/upgrades from the net, and THEN enable features). As it stands right now, you would have to have your patches/upgrades already downloaded on a local machine, because you couldn't "safely" connect the box to the Internet so as to GET the patches/upgrades.
D
I think the main problem is that there are more and more users (those people who have heard about Linux being more secure than Windows 95/98 and therefore installed it without any knowledge about what security is) who get the opportunity to surf through the web the whole web and they simply don't want or can't (Hey, they are no admins, so why should they care about security) read and know all that security stuff. So I would say that all the distributions should be shipped with ALL services disabled (it is nothing more than a simple yes/no in a configuration file).
Jochen
Windows user laughing: Ha ha ha, you are trusting a bird that can't even fly!
Linux user: Something that cannot fly is not likely to crash!
participants (3): Derek Balling, Jochen Mader, Martin P. Peikert
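The thread's suggestion that a default install should ship with inetd services disabled comes down to commenting out the entries in inetd.conf. The following is an added example, not part of the original messages: it lists which services a config would expose and produces an "all disabled" version. The sample file is constructed, and the function names are hypothetical.

```python
# Constructed sample in the classic inetd.conf layout (not from any real host):
# service  socket  proto  wait-flag  user  server-program  arguments
SAMPLE_INETD_CONF = """\
# /etc/inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd

time    dgram   udp  wait    root    internal
"""


def parse_entry(line):
    """Return (service, proto, user) for an active entry, else None."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None  # blank line or already commented out
    fields = stripped.split()
    if len(fields) < 6:
        return None  # not a well-formed service entry; leave it alone
    return fields[0], fields[2], fields[4]


def enabled_services(conf_text):
    """List every service inetd would start listening for."""
    return [e for e in map(parse_entry, conf_text.splitlines()) if e]


def disable_all(conf_text, keep=()):
    """Comment out every active entry except services named in keep."""
    out = []
    for line in conf_text.splitlines():
        entry = parse_entry(line)
        if entry and entry[0] not in keep:
            line = "#" + line
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for svc, proto, user in enabled_services(SAMPLE_INETD_CONF):
        print(f"enabled: {svc}/{proto} runs as {user}")
    print(disable_all(SAMPLE_INETD_CONF), end="")
```

inetd only rereads its configuration when it is restarted or sent SIGHUP, so an edited file takes effect after that.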