Rahul Sundaram wrote:
> John Summerfield wrote:
>> Rahul Sundaram wrote:
>>> John Summerfield wrote:
>>>> Finally, when all is said and done, security is _my_ problem.
>>> Depends. People usually crack a system and then use it as a gateway
>>> to crack other systems. Then it becomes more of a global issue.
>> I neglected to mention, I've seen some cracked Linux systems. The
>> presence of X or equivalent (were it present) was completely irrelevant.
> In general, it is a good security principle to only install what is
> necessary but I was replying to your point about GDM disabling root
> access by default. It does make a pretty big difference if your system
> is running as root all the time or if you are using your system with
> elevated privileges when not necessary.
> http://www.bress.net/blog/archives/133-Security-Week-in-Review-2009-02-01.html
I already knew it was something like that.
I still say a vendor's disabling root login by default is particularly
stupid.
Yesterday I did an interactive install of RHEL5-clone. There was no
opportunity to create a user account.
If this was a standard RH setup, I would have an installed RHEL system
with only GUI tools to configure stuff and no obvious ability to login
and do it.
I administer a small network of Windows computers.
We have no AV software.
Our users are students. Yesterday, a prospective student's mother missed
an appointment with our principal because her child was suspended from
the current school. "That's our kind of student," the principal chortled
when he told us about the incident. Many of our students are well known to
the local police and courts, and sometimes they take a break from school
to spend some time in a more rigorous institution. Some delight in
viewing parts of the Internet we are obliged by law to prevent them from
seeing, and are well-versed in ways around school security.
Despite their proclivities, in the several years I've been looking after
these computers, I have yet to see an infection of any kind of malware.
We do have a fairly serious lockdown using group policy and a stringent
firewall.
I understand the need for security, and Windows XP, even with SP2
installed, is a bad joke, but so is making administrative logins difficult.
For those who don't know, a standard XP Professional SP install
1. Does not provide a chance to set a password for Administrator
2. Requires one to create at least one user account, one of which must
be an administrator. I don't recall that one can set a password, but I'd
have to do another install to be sure.
Odds are good that's how most people use their computers, so 80% or so
is not surprising.
Linux installations requiring user accounts is sensible (except in a
corporate environment, where accounts are managed globally). Requiring a
password for the administrator's account is sensible, in any
environment. Disabling root is sensible.
OTOH vendors setting clients' security rules is not sensible. I would
prefer enabling root logins if the root account is enabled. By all
means, give root a one-page summary on first login about why it's a bad
idea. I like SUSE's red (danger lurks here) background decorated with bombs!
Advising users to not login as root is sensible, and so is giving them a
choice at install time.
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)