Re: From release notes for FC5T3 (web)



On Tue, 2006-03-07 at 21:20 -0600, Les Mikesell wrote:
> On Tue, 2006-03-07 at 19:08, Jeff Vian wrote:
> > Any path is a possible weakness, and one weakness leads to others.  If
> > the door is not there (package not installed) it cannot be opened.

> Or found and fixed.

	Security watch word...  Defense in depth.  Say it again and repeat it
as a mantra...  Defense in depth.

	You want to ignore fundamental security principles at your convenience
and use other security vectors and principles as your defense.  You've
got a "patch it" mentality.  Patch it and you can ignore other basic
security principles.  But modern security takes "defense in depth" as
axiomatic.  This you choose to ignore.  Ignore it at your peril.

	* Do NOT install that which you are not prepared to use/run.

	* Do NOT run what you are not prepared to properly configure, in

	We've gotten far better at the former by not enabling things OOB (which
I'm sure the "install everything" noobs object to as well, because it
doesn't "work" OOB), but that only goes so far (synergistic effects
explode exponentially with the interactions).  We've gotten far better
at the latter by ensuring the default configurations are saf-ER OOB.  But
better is still not perfect.  But still, you can only go so far at
predicting the environment a default configuration is turned loose in...
You can not predict what may go wrong WHEN YOU ARE IGNORANT OF WHAT YOU
ARE DOING.  When the IGNORANT install everything OOB, there is not much
the best of us can do to protect them from their own stupidity.  So we
can at least make them make mistakes by intent and by "commission", not
by default and by "omission".


	Make it as secure as you can.  Even when that means - don't let the
stupid end user install it unless he really really knows WTF he is

	Patching helps, but defend against the unknown holes as well.
Firewalls help, but so does tcpwrappers.  They do the same things but
differently.  So use them both.  When one thing fails, the next defends
you.  They can't break in through something you didn't install.  If they
break in, they can't exploit some stupid asinine local exploit to gain
root and install a root kit on your ass.  It happens.  It has happened
and it will happen.

	Bottom line is the likelihood of failure works against you.  The users
who are most likely to use this feature are the most likely to be harmed
by it.  Those of us who know NOT to use it are most likely to know how
to manage systems in a way that we can get away with it and COULD use
it.  The people who DO use it are the last people who SHOULD use it.  I
like to think I know what I'm doing in security (as the Myth Busters say
"we're, what you call "professionals", we do this for a living") and I'm
not so stupid as to do that.  At least I'm smart enough to know that
"here there be dragons".  You think you are smarter than the security
experts when it comes to security?  You think you are smart enough to
do something securely that we think is stupid and insecure?  You better
think carefully...

	Old programmer's saying:

	Application development is a race between software engineers who strive
to create idiot proof programs and the universe which strives to create
bigger and better idiots.

	Old Software Engineer's saying:

	So far, the universe is winning.

> -- 
>   Les Mikesell
>    lesmikesell@xxxxxxxxx

Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw@xxxxxxxxxxxx
   /\/\|=mhw=|\/\/          | (678) 463-0932 |
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
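The layered check the mail argues for (packet filter, then tcpwrappers, and nothing at all for a daemon that was never installed), as an added Python illustration that is not part of the original thread. The hosts.allow/hosts.deny contents, the open-port set and the daemon table are constructed sample values; the matcher covers the common tcp_wrappers client forms (ALL, net/mask, trailing-dot prefix, exact address).

```python
import ipaddress

# Constructed sample policy (not from the mail): allow sshd from the LAN only,
# deny everything else to every wrapped daemon.
HOSTS_ALLOW = "sshd : 192.168.1.0/255.255.255.0\n"
HOSTS_DENY = "ALL : ALL\n"

def parse_rules(text):
    """Turn 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        daemons, clients = (p.strip() for p in line.split(":", 1))
        rules.append((daemons.split(), clients.split()))
    return rules

def client_matches(pattern, client_ip):
    """tcp_wrappers-style client pattern: ALL, net/mask, 'a.b.' prefix, exact."""
    if pattern == "ALL":
        return True
    if "/" in pattern:                              # dotted netmask form
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):                       # leading-octets prefix
        return client_ip.startswith(pattern)
    return client_ip == pattern

def rule_matches(rule, daemon, client_ip):
    daemons, clients = rule
    return ("ALL" in daemons or daemon in daemons) and \
        any(client_matches(p, client_ip) for p in clients)

def wrappers_allows(daemon, client_ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow wins first, then hosts.deny; no match at all means allow."""
    if any(rule_matches(r, daemon, client_ip) for r in parse_rules(allow)):
        return True
    if any(rule_matches(r, daemon, client_ip) for r in parse_rules(deny)):
        return False
    return True

# Constructed stand-ins for the other layers: ports the firewall passes,
# and the daemons actually installed on the box (telnetd deliberately absent).
FIREWALL_OPEN_PORTS = {22}
INSTALLED_DAEMONS = {"sshd": 22}

def connection_permitted(daemon, client_ip, open_ports=FIREWALL_OPEN_PORTS):
    """Defense in depth: a daemon that is not installed has no door at all,
    and every remaining layer must say yes; a single 'no' refuses the client."""
    if daemon not in INSTALLED_DAEMONS:
        return False
    if INSTALLED_DAEMONS[daemon] not in open_ports:
        return False
    return wrappers_allows(daemon, client_ip)
```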

