[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] RISKY BUSINESS
- Subject: Re: [cobalt-users] RISKY BUSINESS
- From: Steelhead <brk@xxxxxxxx>
- Date: Thu May 3 12:15:01 2001
- Organization: LinuxHelpers.org
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Carrie Bartkowiak wrote:
>
> > You know, I see poor souls getting hacked in here all the time. It's
> almost
> > like they're missing the ugly simple truth:
>
> Actually Rob, I think you're the one missing the ugly simple truth:
> being on this list is one of the most sure-fire ways to bring
> attention to yourself and the vulnerabilities of your server.
>
> Anyone can sign up for this list, with no proof as to whether they
> own/lease a Cobalt or not. We've got a handful of active posters, have
> you any idea how many subscribers there are who simply read the list
> and don't post? Now, how many of those lurkers are script kiddies (or
> worse), just waiting for someone to post their IP address or admit
> that they've got some serious problem that needs attention?
Steelhead hacks at Carrie's words, they are *sooo* true.
The best defense is to configure for Minimum access, Maximum controls on
anyone with a right or reason to administer anything on your box(es).
Open the system to one user that has a problem, and you open it to all
those "script kiddies (or worse)".
Require all users to follow *strict* protocols, one bump and the session
is killed.
my 2 cents
Steelhead