On Tue, 2006-03-07 at 21:20 -0600, Les Mikesell wrote:
> On Tue, 2006-03-07 at 19:08, Jeff Vian wrote:
> >
> > Any path is a possible weakness, and one weakness leads to others. If
> > the door is not there (package not installed) it cannot be opened.
>
> Or found and fixed.

Security watchword... Defense in depth. Say it again and repeat it as a mantra... Defense in depth.

You want to ignore fundamental security principles at your convenience and use other security vectors and principles as your defense. You've got a "patch it" mentality. Patch it and you can ignore other basic security principles. But modern security takes "defense in depth" as axiomatic. This you choose to ignore. Ignore it at your peril.

* Do NOT install that which you are not prepared to use/run.

* Do NOT run what you are not prepared to properly configure, in advance.

We've gotten far better at the former by not enabling things OOB (which I'm sure the "install everything" noobs object to as well, because it doesn't "work" OOB), but that only goes so far (synergistic effects explode exponentially with the interactions).

We've gotten far better at the latter by ensuring the default configurations are saf-ER OOB. But better is still not perfect. But still, you can only go so far at predicting the environment a default configuration is turned loose in...

You cannot predict what may go wrong WHEN YOU ARE IGNORANT OF WHAT YOU ARE DOING. When the IGNORANT install everything OOB, there is not much the best of us can do to protect them from their own stupidity. So we can at least make them make mistakes by intent and by "commission", not by default and by "omission".

DEFENSE IN DEPTH. Make it as secure as you can. Even when that means - don't let the stupid end user install it unless he really really knows WTF he is doing...

Patching helps, but defend against the unknown holes as well.

Firewalls help, but so does tcpwrappers. They do the same things but differently. So use them both.

When one thing fails, the next defends you.

They can't break in through something you didn't install.

If they break in, they can't exploit some stupid asinine local exploit to gain root and install a rootkit on your ass. It happens. It has happened and it will happen.

Bottom line is the likelihood of failure works against you. The users who are most likely to use this feature are the most likely to be harmed by it. Those of us who know NOT to use it are most likely to know how to manage systems in a way that we can get away with it and COULD use it. The people who DO use it are the last people who SHOULD use it. I like to think I know what I'm doing in security (as the Myth Busters say, "we're what you call 'professionals', we do this for a living") and I'm not so stupid as to do that. At least I'm smart enough to know that "here there be dragons".

You think you are smarter than the security experts when it comes to security? You think you are smart enough to do something securely that we think is stupid and insecure? You better think carefully...

Old programmer's saying: Application development is a race between software engineers who strive to create idiot proof programs and the universe which strives to create bigger and better idiots.

Old Software Engineer's saying: So far, the universe is winning.

> --
> Les Mikesell
> lesmikesell@xxxxxxxxx

Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@xxxxxxxxxxxx
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!