-
December 8th, 2004, 09:16 PM
#231
OK, so what about someone like me who installs SUSE custom, and SUSE, which has all services, well most of them, which would include X, shut down by default, then updated with all patches, and the thing hasn't booted yet. Upon boot up the machine is already locked down, updated and even hardened. harden_suse comes with it as well as the other, Bastille.
That's fine but there aren't too many "you's" around. And that's the problem. It's not people like you that make us cringe. It's schmucks like "Mr. rm -rf *" that make us cringe. They know just enough to be stupid and yet deadly at the same time. Give them an OS they think they know and don't really investigate, and disaster will still happen. E.g., Oh look. I can't surf. Ok. I'll open up and make the firewall allow all.
Hey, Suse can be hardened up the wazoo from the start but if the "culture of security" isn't there with the end user, it means diddly because they may reverse those hardened features or worse, install things that just break them.
-
December 8th, 2004, 09:17 PM
#232
If the computer is getting owned in the first 10 minutes of it being installed, that isn't the operating system's problem, that's the user's fault for not having the firewall configured correctly.
-
December 8th, 2004, 09:45 PM
#233
lol, poohsuntwo, I like that. I think we should argue about nodes vs. ints, don't ask.
pooh, I got a reply from my professor, and that was a bug, so I found two bugs in a 3.5 year old program :P. I guess I'm just leet. Peace.
edit
whoa, I think I missed a page between the post I was referring to with pooh sun two in it :P. Oh well. Ok, maybe 3 pages, 6 if you only have 10 posts per page.
-
December 9th, 2004, 04:20 AM
#234
Hey, Suse can be hardened up the wazoo from the start but if the "culture of security" isn't there with the end user, it means diddly because they may reverse those hardened features or worse, install things that just break them.
So can any other OS. Simple fact is..you can lock down any Operating System, I personally don't give 2 shits about it being locked down "before it boots", or what it takes to lock it down. It's the fact that it CAN be locked down that matters and anything, yes ANYTHING can be locked down, even Windows. This would explain why the military is commissioning Microsoft to build a "secure" version of the operating system. What does it entail? Very little..just like the SuSE info gore is spouting off about. Trim the fat, kill some services, patch the system..and yeah it's secure...before it boots, after it boots..it's all semantics...that's all it is. Anything can be attacked, anything can be compromised..what really matters is who is in the chair.
Don't get me wrong I favor a good nix operating system over a windows box, and the only real use I've had for a windows box in some time is to make my users happy, and to infect it with every virus/rootkit/ssl sniffing spyware I can get my hands on.
Why hasn't this thread died yet?
Antionline in a nutshell
"You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"
Trust your Technolust
-
December 9th, 2004, 04:55 AM
#235
Originally posted here by hogfly
So can any other OS. Simple fact is..you can lock down any Operating System, I personally don't give 2 shits about it being locked down "before it boots", or what it takes to lock it down. It's the fact that it CAN be locked down that matters and anything, yes ANYTHING can be locked down, even Windows. This would explain why the military is commissioning Microsoft to build a "secure" version of the operating system. What does it entail? Very little..just like the SuSE info gore is spouting off about. Trim the fat, kill some services, patch the system..and yeah it's secure...before it boots, after it boots..it's all semantics...that's all it is. Anything can be attacked, anything can be compromised..what really matters is who is in the chair.
Don't get me wrong I favor a good nix operating system over a windows box, and the only real use I've had for a windows box in some time is to make my users happy, and to infect it with every virus/rootkit/ssl sniffing spyware I can get my hands on.
Why hasn't this thread died yet?
What about the fact that most boxes have... What was it? 20 minutes? If they were patched before a boot up that wouldn't happen. Not everyone has a hardware firewall blocking them before they update a fresh install.
This thread doesn't need to die. It's the only thing on the front page with this many posts that actually has something to do with security, and nothing to do with tech support crap.
-
December 9th, 2004, 05:34 AM
#236
Gore: sure, but every Windows box in the past 5 years has had packet filtering ability, and XP has its own firewall. No need for a hardware firewall at all.
As for this dying..you should create a new topic for us to debate.
-
December 9th, 2004, 05:46 AM
#237
If they were patched before a boot up that wouldn't happen.
Or, if they weren't plugged into a network on their first boot up. Just boot up and install patches, enable the firewall and configure without connecting to the net...
If you have to be on a network for efficiency, firewall the network. The whole 20 minute argument with unpatched Windows boxes only works without a firewall. The network should be firewalled anyways.
It seems to me an OS that is patched, updated, and configured before a boot up has even occurred would be mighty hard to root.
You can have the earliest of XP (no patches) with ICF enabled and it would still be tough to root until it's patched. Unless, the admin is checking their email of course. Basic security measures would require a firewall on your network, so personally I would consider it safe to finish your installation and patches in that environment.
edit: this thread could go on forever, but there's no reason to kill it.
-
December 9th, 2004, 07:13 AM
#238
Originally posted here by hogfly
As for this dying..you should create a new topic for us to debate.
http://software.newsforge.com/articl.../12/01/2329229
-
December 9th, 2004, 10:59 AM
#239
Gore, why not start that in a new thread? Otherwise, you'll get a mix of postings here.
-
December 13th, 2004, 01:06 PM
#240
Banned
I've personally managed multi-node WANs running NT boxes for over 8 years before being decommissioned, and were not once infected with a virus, or compromised in any fashion. Same with Windows 2000. And most of our users had laptops that were allowed to leave the buildings at will.