Re: Security basics

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wednesday 03 October 2007, Karl Larsen wrote:
>     This whole line of reasoning is false. I don't care if Hacker, the
> bad guy, gets on my computer with ssh. He then needs to come up with a
> valid login name and password. If he fails at this in some set time it
> all quits.

>     Until you can convince me that my system is at risk from ssh when
> using a real password I am going to sleep well.

Go to www.cert.org and search for "SSH vulnerability" and understand that, 
while those holes have been patched, there will be other holes found.

Buffer overflows impact your security.  SELinux does mitigate their impact to 
a degree, as long as it's enabled and set to enforcing; but in the specific 
case of ssh that won't help a great deal.

To summarize the holes: over the years, remote execution vulnerabilities due 
to program bugs have been found and patched; the fact that there have been 
bug of this nature found implies strongly that there are unpatched bugs in 
the code now that have not been discovered (or if they've been discovered, 
the knowledge hasn't been disseminated); holes must be assumed.

Security is never absolute; and is best done in layers, and as a continuous 
process.  I'm not going to say that I know everything there is to know about 
it; no one does.  Nor am I going to say that my systems are invulnerable; no 
ones are (unless they're turned off and unplugged).  But I have learned a few 
things in my several years experience in the field; layered security is one 
of them.

The degree of usability of a system and the degree of security of a system are 
inversely proportional.
-- 
Lamar Owen
Chief Information Officer
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC  28772
(828)862-5554
www.pari.edu


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux