Filepro-list Digest, Vol 42, Issue 43
Jay R. Ashworth
jra at baylink.com
Thu Jul 26 12:44:09 PDT 2007
On Thu, Jul 26, 2007 at 12:46:09PM -0700, Bill Campbell wrote:
> >Ok, so the machine isn't "broken", it's just running things you didn't
> >want because it's administrator is sloppy and a) didn't run a
> >password-strength tester on password changes, b) didn't run a password
> >cracker to look for Joe's, b) didn't firewall the machine so that
> >unwanted traffic couldn't get in and out.
> >
> >The point here, of course, is that administrators *can*
> >deterministically do those things on *nix.
>
> That depends on the user base. I've never seen an ISP that has been able
> to enforce good passwords and keep their customers. My nightly maintenance
> routines check for crackable passwords, and I would say that at least 75%
> of the user's passwords at any ISP are going to be guessable.
Sure. But Boaz isn't talking about that environment; he's talking
about office applications server.
> We rarely have seen problems like this on our business client's machines as
> we can be a lot more draconian with them. We only allow user access via
> secure shell, and then only allow password authentication in a few rare
> cases where an outside web developer can't figure out how to generate
> public/private keys on their Windows box. Where we do allow password
> authentication, ssh access is tightly restricted with tcp_wrappers and
> /etc/hosts.allow.
>
> No matter how fool-proof an admin tries to make the system, they keep
> finding better fools.
No doubt.
> >> Autoyast installs of SuSE Linux Enterprise 10 take about the same.
> >
> >This was an older slower box. :-)
>
> This was an AMD Athlon 1400+ 1GB RAM and with a pretty generic IDE drive.
> Installation was over a 10/100 NIC from a file server running SLES9 on an
> AMD Athlon(tm) 64 Processor 3000+ 2GB RAM, and a 74GB WD SATA drive.
Hmmm. Perhaps it went faster than I thought; I wasn't watching it
then.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
More information about the Filepro-list
mailing list