Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Linux
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Secure Kickstart Installation

from [Jon Hart] Network Security [Permanent Link]
Subject: Re: Secure Kickstart Installation
Date: Thu, 26 May 2005 16:51:32 -0400 
On Wed, May 25, 2005 at 10:02:52AM +0200, Mathieu KRETCHNER wrote:

Hi,

Me and my team have installed approximativly all the packages. But we 
have choosen to configure only services that we need. So we can add 
services withtout new installation !
For my own it's a political choice.


That will certainly work.  But, I wouldn't advocate installing all of
the base/available services and just not enabling them.  Sure, you
aren't running those services, but you still have all the files provided
with that package installed.  This can make securing the system against
local attackers quite a bit more difficult.

The most common example I can think of is setuid/setgid files.  Do you
really want unused setuid/setgid files laying around?

Potentially worse yet... You install service foobar at initial install
time but don't enable it.  6 months down the road you find a need for
foobar and fire it up.  You are suddenly at risk of running
a 6 month-old foobar, which may or may not be a problem depending on
your security policies (i.e., how often you update).

Take your pick: security or convenience.  Or try to find a happy medium.

My $0.02,

-jon
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Secure Kickstart Installation, antoine
Next by Date:  [Snort-users] Re: BASE Updates and the way forward, Joel Esler
Previous by Thread:  Re: Secure Kickstart Installation, antoine
Next by Thread:  Re: Secure Kickstart Installation, jede sswe
Indexes:  [Date] [Thread] [Top] [All Lists]