|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: customers and web servers and level one naps
In message <[email protected]net >, Srinivasarao Mulugu writes: > > > I know we do, Michael. And I have "their" answer. But they may not have > the same experiences you did. I know they did not have the same > experiences as some folks running PAIX. So if u have the time and > inclination to speak , I do have the interest, to listen to you. ;) > > -Mulugu It is possible though admitedly not easy to secure a Unix machine quite tightly (and still put some services on it allowing it to do some useful work) since the services needed for remote administrative access can be fully encrypted. It is not possible to secure a router from the major router vendors at the present time since administrative access involves telnet access where the open TCP session has full priviledges and remains "in the clear" for long periods of time and ready for hijack. A poor administered Unix system has more holes in it than swiss cheese since thats how many workstation products are shipped. BSD systems today are fairly good as shipped but need kerberos or other encrypted access if they are to be administered remotely. There is no recognized source of Unix security merit badges so its hard to specify that Unix systems can only be allowed directly on a specific media if they are securely administered. It is generally easier to turn a Unix box into a sniffer and launch sophisticated attacks from it should it get broken into. Does that approximately match the great wisdom of Sprint? ;-) Curtis ps- how did we get (back) on this topic anyway. - - - - - - - - - - - - - - - - -
|