North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Is anyone actually USING IP QoS?
On 06/16/99 10:55:40 AM Alex P. Rudnev wrote: >They (cisco) promised to realise ssh. Hope we'll see it in a few years, >For now, install IPSEC, tunnel, bla-bla-bla, and may be you'll have a >piece of security. cisco *has* released code with ssh (ok, not released in the cisco-sense but you can get it) >Unix machine... drop all services you don't need, run your services not >as the root, install secure level or read-onl.y file system - and no >problems. this is just rediculous. it's not as simple as "no problems". the things you state are rather obvious but for a system to be used as *anything* (cache, web server, video server, etc) you simply have to have certain ports open, many times simple udp ports. locking down down services/ports, and running anything you can as non-root certainly goes a long way in protecting the system but it's just not that cut and dried. i'll give you and vadim full credit for being math wizards, or scientists (which i clearly am not) but don't choose your next career in the computer/network security industry. :) -brett
|