[ale] oh... please (slight rant)

Jeff Lightner jlightner at water.com
Wed Feb 7 15:16:49 EST 2007


He's not "probably right" because he said he could hack "because it's
open source".   As others have pointed out that has nothing to do with
it.   Based on that bogus assumption then my HP-UX servers would be safe
because they're not open source.   If so he'll have to explain to me why
I had to do a Bastille bastion host setup AND run HP's
security_patch_check to ensure they were safe for the internet.
Moreover he'd have to explain why the Bastille software I used on the
proprietary OS was made mostly of open source components.

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Lane
Oden
Sent: Wednesday, February 07, 2007 1:20 PM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] oh... please (slight rant)



-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
Preston Boyington
Sent: Wednesday, February 07, 2007 11:50 AM
To: Atlanta Linux Enthusiasts
Subject: [ale] oh... please (slight rant)

while talking with a friend of a friend last night the conversation
started to turn into a pissing contest.  the gist of it is he is very
entrenched in M$ land and Linux is nothing more than a hobbyist's
plaything.  (hmm... possibly some residual anger there...)

i actually was rendered speechless (not an easy feat mind you, i run my
trap A LOT) when he proclaimed that he could hack any Linux machine in a
few minutes because it was open-source.  i sat there for a few seconds
and then looked at my friend and asked, "he's not doing anything mission
critical for you, is he?"

i readily admit that i am not a Linux guru, database wizard, or web
tzar, but i have enough intelligence to determine that "many eyes are
better than a few"!
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

Security is not simply a matter of what OS you're running. Security is a
matter of always following best practices and documenting properly so
you manage to spot anomalies. The most secure and stable platform is
always going to be the one that the responsible Administrator (or team)
is most familiar with. For some organizations, that platform will be
Linux/Free UNIX. For others, Windows. And for some, it's still
mainframes and commercial UNIX. For LOTS of companies, it's a
combination of some of the above...

Honestly, the friend of a friend is probably right. There are a good
number of lazy admins (Windows and Linux) out there who miss out on
something little that turns into a major security issue later. 

"A lot of good work goes to waste simply because someone wasn't willing
to do a little more."

Linux vulnerabilities exist everywhere from the kernel to the
applications/services. Just like Windows. And remember... while remote
access (whether it's LAN or across the Internet) is powerful, physical
access is guaranteed. Put someone technically apt and so inclined in
front of any box and they own the data. No matter what measures you take
to protect it.

Real security involves knowing where your vulnerabilities exist and
taking steps to mitigate them. Not eliminate them. Sometimes mitigation
means acceptance.  

Regards, 

Lane Oden 
Information Security Analyst 


