 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
Hi Duane,
I think "dsr" has some very good points but perhaps they could use some
explanation for those not familiar with Bugtraq.
On Fri, 2003-08-15 at 11:20, Duane Morin wrote:
> On Fri, 15 Aug 2003 dsr at tao.merseine.nu wrote:
> > Counterargument: Red Hat and Debian, among others, provide single-source
> > fixes.
>
> Is this valid in general, so for isntance if the user was handed a CD with
> Knoppix or Gentoo on it would they still have a single-source of fixes
> available to them? Or is it strictly for the big distributions?
> > Counterargument: 100 small holes vs 1 or 2 large ones? You haven't been
> > reading Bugtraq.
>
> Should I be? Or will I be inundated? I'm no sysadmin, just a user (and
> occasional writer). I don't know what your statement means. Just to
> clarify my own terminology by "large" hole I was thinking "Of the sort
> that makes the evening news."
Hi Duane,
"dsr" has some very good points but perhaps they could use some
explanation for those not familiar with Bugtraq.
Back a few years ago, standard Linux distros such as Red Hat were not
terribly secure. They tended to turn on lots of services by default and
then required "by hand" admin attention both for the initial setup and
over time as new holes were found.
These days, the Linux situation has changed in two big ways:
1) By default, most current Linux distributions are quite
secure. Even inexperienced users are able to setup
remarkably secure systems due to the "off-or-disabled
-by-default" nature of most services. And the default
firewalls shipped with major distros are quite capable.
2) Essentially all updates can be automated so that
they require little or no manual attention by trained
admins. Major distros such as Red Hat now include
automated update services (eg. Red Hat's "up2date")
that will, on a regular (often nightly) basis, download
and apply security fixes.
Security pros will often be heard repeating the famous "security is not
a destination but a process" idea. Since bugs and holes will continue
to be discovered in all products (including those from Microsoft and
from the Free/Open-Source worlds) the automated updates approach of the
major Linux vendors is certainly a good idea.
Ed
--
Edward H. Hill III, PhD
office: MIT Dept. of EAPS; Room 54-1424; 77 Massachusetts Ave.
Cambridge, MA 02139-4307
email: eh3 at mit.edu, ed at eh3.com
URL: http://web.mit.edu/eh3/
phone: 617-253-0098
fax: 617-253-4464
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.blu.org/pipermail/discuss/attachments/20030815/72b781c5/attachment.sig>
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
