nanog mailing list archives

Re: customers and web servers and level one naps


From: Curtis Villamizar <curtis () ans net>
Date: Thu, 12 Sep 1996 22:13:50 -0400


In message <Pine.SV4.3.91.960910141342.17625U-100000 () mercury int sprintlink net>, Srinivasarao Mulugu writes:


I know we do, Michael. And I have "their" answer. But they may not have
the same experiences you did. I know they did not have the same
experiences as some folks running PAIX. So if you have the time and
inclination to speak, I do have the interest, to listen to you. ;)

-Mulugu


It is possible, though admittedly not easy, to secure a Unix machine
quite tightly (and still put some services on it allowing it to do
some useful work) since the services needed for remote administrative
access can be fully encrypted.  It is not possible to secure a router
from the major router vendors at the present time since administrative
access involves telnet access where the open TCP session has full
privileges and remains "in the clear" for long periods of time and
ready for hijack.

A poorly administered Unix system has more holes in it than Swiss cheese
since that's how many workstation products are shipped.  BSD systems
today are fairly good as shipped but need Kerberos or other encrypted
access if they are to be administered remotely.  There is no
recognized source of Unix security merit badges so it's hard to specify
that Unix systems can only be allowed directly on a specific media if
they are securely administered.

It is generally easier to turn a Unix box into a sniffer and launch
sophisticated attacks from it should it get broken into.

Does that approximately match the great wisdom of Sprint?  ;-)

Curtis

ps- how did we get (back) on this topic anyway.