Filepro-list Digest, Vol 42, Issue 43

Jay R. Ashworth jra at baylink.com
Thu Jul 26 12:44:09 PDT 2007


On Thu, Jul 26, 2007 at 12:46:09PM -0700, Bill Campbell wrote:
> >Ok, so the machine isn't "broken", it's just running things you didn't
> >want because it's administrator is sloppy and a) didn't run a
> >password-strength tester on password changes, b) didn't run a password
> >cracker to look for Joe's, b) didn't firewall the machine so that
> >unwanted traffic couldn't get in and out.
> >
> >The point here, of course, is that administrators *can*
> >deterministically do those things on *nix.
> 
> That depends on the user base.  I've never seen an ISP that has been able
> to enforce good passwords and keep their customers.  My nightly maintenance
> routines check for crackable passwords, and I would say that at least 75%
> of the user's passwords at any ISP are going to be guessable.

Sure.  But Boaz isn't talking about that environment; he's talking
about office applications server.

> We rarely have seen problems like this on our business client's machines as
> we can be a lot more draconian with them.  We only allow user access via
> secure shell, and then only allow password authentication in a few rare
> cases where an outside web developer can't figure out how to generate
> public/private keys on their Windows box.  Where we do allow password
> authentication, ssh access is tightly restricted with tcp_wrappers and
> /etc/hosts.allow.
> 
> No matter how fool-proof an admin tries to make the system, they keep
> finding better fools.

No doubt.

> >> Autoyast installs of SuSE Linux Enterprise 10 take about the same.
> >
> >This was an older slower box.  :-)
> 
> This was an AMD Athlon 1400+ 1GB RAM and with a pretty generic IDE drive.
> Installation was over a 10/100 NIC from a file server running SLES9 on an
> AMD Athlon(tm) 64 Processor 3000+ 2GB RAM, and a 74GB WD SATA drive.

Hmmm.  Perhaps it went faster than I thought; I wasn't watching it
then.

Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274


More information about the Filepro-list mailing list