At 23:12 2000-05-30 -0700, Krikofer wrote:
>Hi. My friend had told me that Linux does not have a good firewall.
>Linux can be broken into easily (according to his job's system
>administrator). Would any of you know if this is true? He says his
>friend likes Linux. Any facts?
The fact is that some distributions offer an "Everything" installation that
installs unneeded services and enables them by default.
Install only what's needed, turn off unnecessary services, restrict access
using TCP-Wrappers (inetd.conf, hosts.allow, hosts.deny), and configure the
included ipchains firewall package and you'll be off to a good start.
Maintenance is the real work.
Our IT shop runs several Exchange servers and supports several hundred
Win9x/NT desktops. During a security audit about a year ago, the printout
of deficiencies across the network was about 1cm thick. When several
machines in my workgroup came up on the list, the IT chief called my boss
and told him my Linux box had some problems. To make a long story short, it
turns out that the problems were with an old SCO box and two NT boxes. My
Linux box did not have a single deficiency listed in the whole report. He
just assumed that since it was Linux, it had to be insecure. After I
pointed this out and mentioned the fact that several of his Exchange
servers had made the list, I never heard from him again about my Linux box.
There are many amateurs using Linux, myself included. So there are a lot of
insecure boxes out there. But the problem is not so much with the OS as it
is with the administrator. It's called PBKAC (Problem Between Keyboard And
Chair) and other OS's have similar problems.
Tony
--
Anthony E. Greene <[EMAIL PROTECTED]>
PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
If it's too good to be true, it's probably Linux
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
