Re: Security basics

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wednesday 03 October 2007, Karl Larsen wrote:
>     This whole line of reasoning is false. I don't care if Hacker, the
> bad guy, gets on my computer with ssh. He then needs to come up with a
> valid login name and password. If he fails at this in some set time it
> all quits.

>     Until you can convince me that my system is at risk from ssh when
> using a real password I am going to sleep well.

Go to www.cert.org and search for "SSH vulnerability" and understand that, 
while those holes have been patched, there will be other holes found.

Buffer overflows impact your security.  SELinux does mitigate their impact to 
a degree, as long as it's enabled and set to enforcing; but in the specific 
case of ssh that won't help a great deal.

To summarize the holes: over the years, remote execution vulnerabilities due 
to program bugs have been found and patched; the fact that there have been 
bug of this nature found implies strongly that there are unpatched bugs in 
the code now that have not been discovered (or if they've been discovered, 
the knowledge hasn't been disseminated); holes must be assumed.

Security is never absolute; and is best done in layers, and as a continuous 
process.  I'm not going to say that I know everything there is to know about 
it; no one does.  Nor am I going to say that my systems are invulnerable; no 
ones are (unless they're turned off and unplugged).  But I have learned a few 
things in my several years experience in the field; layered security is one 
of them.

The degree of usability of a system and the degree of security of a system are 
inversely proportional.
-- 
Lamar Owen
Chief Information Officer
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC  28772
(828)862-5554
www.pari.edu

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux