Security Basics mailing list archives

Re: Windows 98 box is 'owned'


From: Darren Kirby <bulliver () badcomputer no-ip com>
Date: Tue, 5 Oct 2004 13:17:41 -0700

quoth the dante hicks:
> i might be missing something, but that would be almost identical to putting
> a patchless windows 98 box directly on the internet.  either disable
> *every* service (httpd,rpc,etcetc), or don't consider that option. surely
> she can handle a single password (or two, root + unpriv user)?  then have
> her unpriv user store all the passwords she might ever need (email, ebay,
> whatever) through the client.
>
> zero intervention needed, and still secure.

You have missed something :)

Unlike Windows, I have considerable knowledge of setting up and securing Linux
boxes. Of course I will turn all unneeded services off, of course I will set
up an iptables firewall that drops *everything* not instantiated from her
box, of course I will set up a strong root and user password. I also have a
tendency to patch all my kernels with grsecurity, which adds the additional
security of random pids, random IP ids, random TCP source ports, and best of
all, PaX to prevent execution of arbitrary code (i.e. remote exploits) among a
whole host of additional features.

I am simply saying I am going to set up KDM to fire up automatically at boot 
and drop her at the desktop without intervention. As I said, physical 
security of the box is not important, she lives alone...

-d
-- 
Part of the problem since 1976
http://badcomputer.no-ip.com
Get my public key from 
http://keyserver.linux.it/pks/lookup?op=index&search=bulliver
"...the number of UNIX installations has grown to 10, with more expected..."
- Dennis Ritchie and Ken Thompson, June 1972 
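
The firewall policy described in the message above (drop everything not initiated from the host) can be checked against a saved ruleset. The following is an added example, not part of the original post: the function names are hypothetical and both rulesets are constructed samples in `iptables-save` format.

```python
import shlex

# Constructed sample in iptables-save format (not from the original post).
SAMPLE_STRICT = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
# The same ruleset with one listening port exposed (also constructed).
SAMPLE_LEAKY = SAMPLE_STRICT.replace(
    "COMMIT", "-A INPUT -p tcp -m tcp --dport 631 -j ACCEPT\nCOMMIT")

def _opt(tokens, name):
    """Return the value following option `name`, or None if absent."""
    return tokens[tokens.index(name) + 1] if name in tokens[:-1] else None

def audit_input_chain(ruleset):
    """Return findings; an empty list means the filter INPUT chain admits only
    loopback traffic and replies to connections the host itself opened."""
    findings, policy, table = [], None, None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":INPUT "):
            policy = line.split()[1]
        elif table == "filter" and line.startswith("-A INPUT "):
            t = shlex.split(line)
            target = _opt(t, "-j")
            if target in ("DROP", "REJECT", "LOG"):
                continue  # these targets cannot let traffic in
            if target != "ACCEPT":
                findings.append("target not analysed: " + line)
                continue
            states = _opt(t, "--state") or _opt(t, "--ctstate") or ""
            reply_only = bool(states) and set(states.split(",")) <= {"ESTABLISHED", "RELATED"}
            # Negated matches ("!") are treated as unsafe rather than parsed.
            if "!" in t or not (reply_only or _opt(t, "-i") == "lo"):
                findings.append("unsolicited traffic accepted: " + line)
    if policy != "DROP":
        findings.insert(0, f"INPUT policy is {policy}, expected DROP")
    return findings

if __name__ == "__main__":
    for name, rules in (("strict", SAMPLE_STRICT), ("leaky", SAMPLE_LEAKY)):
        print(name, audit_input_chain(rules) or "OK")
```

Jumps to user-defined chains are reported rather than followed, so a ruleset that uses them needs a manual look at those chains.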
