Penetration Testing mailing list archives
Re: LAMP and postfix-dovecot security
From: "Claudio \"BlackFire\" Criscione" <blackfireml () securenetwork it>
Date: Wed, 28 Oct 2009 20:52:06 +0100
[...]
shell, if only to improve my Linux knowledge. If I start using web management interfaces, I won't really understand how things work and are being secured/changed, I will only presume that they are. I never trusted Windoze wizards because I did not know what they did underneath.
I can't but agree. It really depends on which kind of infrastructure you're managing, but if you are handling only a small amount of advanced users, go for the shell! :)
I am testing in stages, ensuring each layer is securely configured before adding a new layer. The pdf to which you link is very good, all the information and more that I gathered from several sources is here all in one place, I wish I had come across it sooner.
You're welcome ;-) ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: LAMP and postfix-dovecot security Claudio "BlackFire" Criscione (Nov 02)