Slashdot Mirror

← Back to Stories (view on slashdot.org)

SecurityFocus Linux Focus Area

Posted by CmdrTaco on from the stuff-to-read dept.

WebJunky writes: "SecurityFocus.com has opened a Linux security focus area. It has an opening letter from Bruce Perens and some interesting articles, especially one on installing IPsec under Linux. It also has some tutorials on installing Apache and BIND securely. " Cool stuff, course most of us just stick to bugtraq anyway ;)

2 of 63 comments (clear)

  1. Bugs are only part 1 by toofast · · Score: 5

    I think this article will be a good eye-opener for many who seem to think that securing a system means checking the bug lists and applying the appropriate patches, or by throwing in a buzz-word Firewall. Although that is an excellent start, You can see the big difference with NT and OpenBSD.

    NT has a decent security model. But Microsoft's goals with NT is functionality, not security. So with file permission defaults such as Everyone: FULL CONTROL and Exchange KM Server Admin passwords being "Password", it's not hard to see that M$ wants Admins to have an easy job. Everything works, but it ain't secure. Although one can configure NT to be secure, it will take many hours of work and tests.

    On the other side of the spectrum, consider OpenBSD. Paranoid? Obviously. Everything's off, users have no access to anything, users can't su unless they're allowed. Here, security is well taken care of, but the admin's big job here is opening up the system so users can get some functionality.

    Then put Linux in the middle. A relatively secure OS, with (as most distros) almost all daemons running without even asking for them. Shut off sendmail, wu-ftpd, httpd, etc, and boom, magnitudes more security.

    Then consider the admin who uses the root account straight through telnet. One co-worker I knew does this on a regular basis, then brags that he's never been cracked!!! Patching bugs is the easy part...

  2. securityfocus site - more content, less html fluff by poopie · · Score: 4

    every time I visit this site, I swear to never return.

    Their site has so much unnecessary formatting and takes so long to load. Obviously they're not interested in attracting unix sysadmins, or mobile users using a mobile browser.

    I recommend http://packetstorm.securify.com - they still have a medium amt. of html fluff, but at least it works in lynx.