> -----Original Message-----
> From: fedora-legacy-list-bounces@xxxxxxxxxx [mailto:fedora-legacy-list-bounces@xxxxxxxxxx] On Behalf Of Jim Popovitch
> Sent: Thursday, October 20, 2005 3:30 PM
> To: Discussion of the Fedora Legacy Project
> Subject: Re: Another security problem..
>
> Matthew Nuzum wrote:
> >
> > But that's not my point... if you run a web-facing server there are some
> > plugins for nessus that cause it to search for known-vulnerable web
> > applications and such. It's a good idea to run it periodically so that you
> > can find if you're exposed before someone else does.
>
> You are assuming too much of nessus. Your logic requires nessus to know
> to check for *all* vulnerabilities. I don't have that much faith in any
> product, even open source ones. The best way to run a secure server is
> to not trust other tools and software. Do your own checking,
> investigating, and *don't* run suspicious, or even mildly problematic
> (i.e. php), software.

If you're saying, "it's not enough to just run Nessus..." I agree with you. If you're saying that running Nessus is useless, I disagree. It is an excellent tool for finding out if you're running software that has known vulnerabilities. I might go so far as to say that if you only run one tool for doing vulnerability analysis then it should be Nessus. I'll admit I've not used a single commercial vulnerability assessment product, so my experience is far from comprehensive.

Thanks for the suggestion for monitoring log files.

You're right about hosts.deny. I'd go so far as to say that hosts.deny is practically useless these days since so few of our networked applications rely on it. But individual applications such as Apache have a similar concept.
--
Matthew Nuzum <matt@xxxxxxxxxxxxx>
www.followers.net - Makers of "Elite Content Management System"
View samples of Elite CMS in action by visiting http://www.followers.net/portfolio/

--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
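As an added illustration of the hosts.deny point made above (this is example configuration written for this page, not anything posted in the thread): /etc/hosts.deny is only consulted by daemons that link against libwrap or are started through tcpd/xinetd, so an entry there does nothing for Apache httpd, which has its own per-directory access control. The address range and domain name below are constructed placeholders (RFC 5737 / example.net), and the directory path is an assumption.

```apache
# Constructed example: the same "block these hosts" intent expressed for
# TCP-wrapper-aware daemons and for Apache httpd, which ignores hosts.deny.
#
# /etc/hosts.deny -- honoured only by libwrap-linked or tcpd/xinetd-started
# daemons (e.g. sshd on many systems); Apache httpd never reads it:
#
#   ALL:  192.0.2.0/255.255.255.0     # constructed placeholder range
#   sshd: .example.net                # constructed placeholder domain
#
# Apache httpd 2.0/2.2 (mod_access) equivalent, in httpd.conf or a vhost.
# With "Order allow,deny", any matching Deny overrides the Allow.
<Directory "/var/www/html">
    Order allow,deny
    Allow from all
    Deny from 192.0.2.0/24            # same constructed range as above
    Deny from .example.net            # hostname match costs a double
                                      # reverse DNS lookup per request
</Directory>

# Apache httpd 2.4 (mod_authz_host) equivalent of the block above:
# <Directory "/var/www/html">
#     <RequireAll>
#         Require all granted
#         Require not ip 192.0.2.0/24
#         Require not host example.net
#     </RequireAll>
# </Directory>
```

Keeping the two mechanisms straight matters for checks like the ones discussed earlier in the thread: a scanner that reports a web application reachable from an address you believed was blocked in hosts.deny is not a false positive, because httpd was never covered by that file.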