[1607] in linux-security and linux-alert archive
[linux-security] Security concern
daemon@ATHENA.MIT.EDU (Brian Koref)
Thu Sep 18 19:18:20 1997
From: "Brian Koref" <bkoref@wisp1.wisp.com>
To: linux-security@redhat.com
Date: Thu, 18 Sep 1997 10:58:50 +0000
Cc: zblaxell@fiction.org
Old-Return-Receipt-To: "Brian Koref" <bkoref@wisp1.wisp.com>
In-Reply-To: <199709162350.TAA18949@tenchi.myrus.com>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
Zygo Blaxell wrote:
>
> An administrator whose primary concern is security can just turn off all
> privileged executables and services, then turn them back on if and when
> they are needed. This is the first and easiest way to get a lot of
> security in a hurry. *Don't* do this on any active machine where
> productivity is more important than security, because you *will*
> disable something important unless you know what you're doing and make
> no mistakes. Don't do this unless you *intend to learn* what components
> you need and which ones you can remove or replace. *Do* do this on a new
> machine when you are configuring it for later production use, because it's
> notoriously difficult to fix problems once the system is in the field.
>
Great input...
As an investigator, many of the compromises I see involve systems
which are 2 to 3 years old. An old slackware box sitting on a .mil
domain, which some airman set up as a test machine. The airman gets
trasferred, and the system is left up and running. Additionally, in
the government, and in many commercial organizations as well, System
Administration is more or less considered an "additional duty." The
individuals know how to set up accounts, change passwords, mount
filesystems, backups, etc... They know nothing about security,
mailing lists, news servers, advisories, patches,
etc...Unfortunately, management typically hasn't got a clue either,
and therefore holes get left unplugged. It's good to see an
occasional re-iteraton of previously reported exploits. Not everyone
has been a subscriber to the linux security mailing list since its
inception, and not everyone know about archives. I guess that's why
speed limit signs are posted at regular intervals. To "remind" us to
obey the law.
[Mod: Please qote with care. I've removed about 80% of the quoted
text and added an atribution. -- REW]
--------------------------------
Brian Koref, Special Agent, USAF
Computer Crime Investigations
Air Force Office of Special Investigations
4864 Virginia Ave
Andrews AFB, MD 20762
(301) 981-5469
DSN: 858-5469
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzIKLx0AAAEEAJXc8Qz9I6IgQwOfO4qks+qv2AYIAZ6GJFDAEwcH2AsAPboI
qQkIJm8sE6sNS9Jn39E9ucaL9WaSBvA0fL4j8RQYCoDhy5r+jriKHlhLuTGz1WmI
VJmBTha9nok4TN+9wvp536Gl4nfxPjUOdW6z0dLm0X1/oP9o9YzS6wJc0rjlAAUR
tCZCcmlhbiBLb3JlZiA8YmtvcmVmQHBhZm9zdTIuaHEuYWYubWlsPg==
=eVUD
-----END PGP PUBLIC KEY BLOCK-----