Tom Horsley wrote: > On Sat, 29 Dec 2007 22:35:07 +0800 > Ed Greshko <Ed.Greshko@xxxxxxxxxxx> wrote: > >> You forgot one very important item. >> >> Whatever you do, don't be paranoid...unless someone is really out to get you. > > All you need to do is leave an unsecured box hooked up to the internet > for 5 or 10 minutes to discover that someone really is out to get you :-). It was more than a year ago when I attempted to install a Windows 2000 system directly connected to the internet. In fact, before the system was fully updated with security patches it had been compromised. I didn't time it, but it certainly was less than 30 minutes. As an experiment I did the same thing with a RHELv4 system, configuring with a firewall and selinux turned off. I didn't have a network scanner set up so I don't know if anyone tried to break in....but after more than 6 hrs in this configuration the system was not compromised. I didn't do any stupid things like make the root password abc123 or password. Of course, I didn't leave the RHELv4 in that condition....
