[CLUE-Tech] Hack information

David Anselmi anselmi at anselmi.us
Thu Jul 29 17:01:59 MDT 2004


Angelo Bertolli wrote:
[...]
> I think it's more risky to run a "personal box" also as a server (if 
> that's what you're doing).  I've decided the safest way to go is to have 
> a separate box for each service you want to provide, if possible, and 
> then just strip down or firewall off everything else (removing those 
> packages is safer).

I wouldn't necessarily use a separate box for each service, but I would
definitely separate a machine that supports user logins, or desktop 
environments ("personal box") from other services.  And think about 
trust that may exist between the boxes.

IMO Debian is much easier to strip down than Red Hat.  I think it pays 
off too.  My response to most Debian security advisories is "I don't 
have that".  (I also run testing, so my access to security patches a) is 
delayed while they go from upstream through unstable, and b) isn't 
dependent on upgrading to a new release when it might not be convenient.)

Haven't you been hacked before?  Maybe a security class, or consultant, 
is in order?

Dave






