In article <bksb5t$gc9$cc.umanitoba.ca>,
umanitoba.ca (Gary Mills) writes:
You mean like 9_Recommended I assume
You are not supposed to : >
You work at a uni so thats a worst case scenario if there ever was
one. I work on a very simple security model :
I assume EVERYTHING is vulnerable. What's not vulnerable now
can be a nano second later : >
What you do about it is all about:
Policy, and available resources (like time and money for example)
If everything is vulnerable then close down whatever is not
absolutely necesssary in order for the box to do its job...
Now you are left with what's vulnerable - shell accounts and
remote exploits. Restrict access. There are plenty of ways:
tcpwrappers, secure rpcbind, sshd, ip-filter...
Now you are invulnerable - for < nanosecond : >