I've found the NSA Cisco hardening guides to be amazing. I could hand the guide to a help desk tech we were training to be a netadmin, show him how a console cable works, and he would have a functional and secure test network of a few devices running in no time.
If you consider system hardening as more than just installing SELinux, you can see it helps secure more than just users with shell access.
Many of the SNACs (or STIGs as I remember them being called) go into detail in such areas as setting the method for password hashing, setting policies for allowed authentication protocols, disabling authentication on time mismatches, and a plethora of other things.
If nothing else, system hardening can be a "best practices" framework for your systems and/or network. I remember one of my systems administrators complaining to a security inspector that the system would not allow a log on if the security log was full instead of just overwriting old entries. He didn't realize that filling the security log with bogus crap could mask a real intrusion. Nobody knows absolutely everything, and not everyone has the time to sit down and understand every intricate detail. Using a system hardening approach, however, is a very good foundation to build your overall security posture.
You say that you only allow http, but what happens when a vulnerability is found in code that you use for your http application? That's what defense in depth is all about. You may be able to knock down this wall, but there are 10 more behind it that are even bigger.
The DISA gold disk breaks Windows just as bad, believe me. The 100% Gold Disk Standard(tm) is only necessary for the highest security systems, which usually run software designed with gold disk hardening in mind in the first place.
System hardening is just another layer of a "defense in depth" security posture. The more layers, the better. So, if an adversary manages to get through your site firewall, access lists, IPS, VLAN segregation, virus scanner, etc., they still have to contend with a hardened local system in order to compromise data.
System hardening is also very helpful against inside jobs, or against other systems on the network compromised through brute force or social engineering.
Wait, so you first advocated spending tax money on a nanny-state to handhold idiots through so they can do more with themselves than flip burgers:
Yes, you are ashamed of your city because you believe it is better to let ignorant, selfish, lazy children grow up to be ignorant, selfish, lazy adults who are a burden to the rest of society.
You are a dumb-ass. Then you go and completely reverse your stance:
Why should any money be spent on them? As the old saying goes, "they made their bed, now they can sleep in it."
And, to top it off, you try to further support your false dichotomy with a statement like this:
No, you can not pick and choose
Are you confused? Angry? Trolling? Which side of this debate are you on? Are you trying to reach a compromise while using radically over pronounced positions that contradict each other?
Your arguments give me a headache. Please explain.
Would you also agree that said dumbass should suffer the consequences of his folly? Yes.
Do you agree he is owed nothing from the state and should be allowed to suffer, to hunger and starve to death, to freeze in the cold and broil in the heat, to be run out of town without sympathy or support? Now, that is a false dichotomy. Either I agree or disagree with all of the above at once? Can't I pick and choose?
Do you agree that no money should be spent on the self-generated less fortunate? No, I believe that a minimal amount of temporary aid should be provided to the self-generated less fortunate.
Yes, you are ashamed of your city because you believe it is better to let ignorant, selfish, lazy children grow up to be ignorant, selfish, lazy adults who are a burden to the rest of society. As a matter of fact, yes. It is called equality of opportunity. If someone doesn't strive to better themselves, to grasp the opportunities presented them, then they shouldn't be "boosted" up to compete with people who have. If someone yearns to be a dumbass, let them be a dumbass.
I believe that eventually some country, probably England, will institute mandatory "tagging" of all residents. This will go over like a lead balloon. However, it won't cause anywhere near the uproar compared to the eventual policy shift to tag ALL humans in the country (including tourists).
A couple decades of great depression-level recession, which will likely take a chunk out of the global economy, will show that country the error of its ways.
Because if you compare it to standard internet data transfer, it just gets silly.
Why make up 64 new mathematical operators to express Graham's number, when we could have easily just used the SMS profit margins?
HP sells their inkjet ink for nearly 8,000 USD per gallon. Interestingly enough, many smaller companies who specialize in refill packs sell 5-gallon jugs of ink for around 350 USD. That's only 70 USD or so a gallon.
We're climbing there, but who is to say that the rising cost of oil won't proportionally increase the cost of ink?
The profit margin on many independent vendors' food at sporting events is not as high as you think. You'd better believe that they have to pay through the nose to be able to hawk their concessions. Either way, it's not a 4-digit profit margin by ANY stretch of the imagination.
"For The Class ENC2401, or English Composition Of The Level Twenty-Four Hundred One, Lectured By The Great And Renowned Professor Of Grammatical Fascism, Richard Dung"
TFA is talking about the transfer of data, not how many little bits are actually involved in the transaction. Headers and transmission overhead are not data. If you downloaded a CD ISO, you would not say that you downloaded 946MB and include "overhead" in your figure.
Did you include your name and the class number in the word count for your papers in college?
The NSA actually has a very good track record in contributing to public knowledge of network security and hardening. The SNACs are amazing pieces of in-depth documentation for nearly any hardware and software platform.
Google's shareholders did not "vote against human rights," they voted against a policy change that was proposed. Even the summary admits that Sergey abstained because he didn't agree with the way the proposals were written, not because he disagreed with the spirit.
The reason for this is the way that IE7's uninstall procedures occur, and the fact that SP3 works for computers with both IE6 and IE7.
When you install IE7, it creates a backup of all IE6-related files that it replaces, in order to replace them if the user uninstalls IE7.
When you upgrade to SP3, it replaces files that are used by both IE6 and IE7, most of which have different versions depending on which browser is currently being installed.
If you were to uninstall IE7 after updating to SP3, then it will revert to the pre-SP3 binaries that were copied during initial setup.
Now, I agree that the SP3 setup should be intelligent enough to identify and replace IE6 files located in the IE7 uninstall folder, but honestly it was probably a very low priority.
The fix? Uninstall IE7, install SP3, then re-install IE7. Not an easily automated task, but that's what needs to be done if you want to be able to uninstall IE7 in order to revert to IE6 in the future.
Either way, it's not a massive conspiracy. You can put your tin-foil hat away today.
Is that the only use you can think of for this? Is this just a hopeless attempt at trolling? Is your world view so ethnocentric that you don't realize how censorship affects people?
Here's a quick list of situations or people off the top of my head that could benefit from this:
- Citizens of a government which controls information flow (China, Kuwait, etc)
- Investigative journalists releasing stories (Judith Miller, anyone?)
- Leaking protected or damaging information (Wikileaks has been shown to be vulnerable)
If all you can think about is "OmG teh CHILDRENS!!111", then something is seriously wrong with you.
Those are the only flavors, as far as I am aware, that the NSA has approved so far for government use in production environments.
If you reinforce the concrete properly to create a Faraday cage, you can protect against TEMPEST threats.
But what if his schizophrenia is a direct result of NSA activity?
From personal experience, believe me, Iraqi porn isn't worth it.
Shouldn't the prospective target be Apple? I mean, come on, Steve Jobs is almost as fruitful a tree as Ballmer.
Do you think China really cares all that much about Google? Seriously?
Slow news day much?
Eric Lichtblau and Jim Risen, then?
If I'm not mistaken, you could always load up freenet and use a Truecrypt drive as your "swap" space.