
Re: Cracking attempt



Good point. The only other problem is that our department is looking for
ways to cut back and so asking my immediate superiors for _anything_
seems risky in their eyes.

Certainly there are people on their level in other departments who
wholeheartedly agree with me, and even the people right above me to a
degree, but stuff seems to be flying left and right as people do not want
to lose their jobs.

Hmm, maybe I should dedicate a box of my own so I don't lose mine? :)

Anywho, I appreciate the concern and I do realize what a mess this entire
thing is. If it were solely up to me I would have a Linux firewall that
routed all ssh/mail/other user services to a single box and then keep all
of the system level crap on another (such as our LDAP server and backup
client).

As of right now, I can think of way too many ways that this thing is
holier than the pope's golf clubs.

-Tim

##--##--##--##--##--##--##--##--##--##--##--##--##
|             T I M    S P R I G G S             |
|        Assistant Sysadmin - Development        |
|        College of Engineering and Mines        |
|            ECE206A - (520) 621-3185            |
##--##--##--##--##--##--##--##--##--##--##--##--##

On Mon, 24 Feb 2003, Emile van Bergen wrote:

> Hi,
>
> On Mon, Feb 24, 2003 at 06:08:43AM -0700, Tim Spriggs wrote:
>
> > On Mon, 24 Feb 2003, Russell Coker wrote:
> >
> > > BTW  As a rule of thumb, if you can crash it then you can probably
> > > exploit it, I hope that server isn't running as root.
> >
> > I realize that too. Unfortunately, Universities (at least around here)
> > tend to be VERY political and getting something like Linux as a main
> > college server in place would be "making waves" with the type of
> > people that run the money upstairs.
>
> Just rest assured that a non-firewalled box containing backups will make
> a /lot/ more waves upstairs when (sic!) it gets cracked.
>
> You don't need to push Linux, you just need to explain the current
> risks, their cost and what it costs to implement a solution (be it
> Debian or Windows-95 based, ultimately they won't care), and the risks
> associated with that.
>
> Even the people upstairs have their gut feelings or prejudices about
> things they don't understand -- and we all know how hard that can make
> things -- they do tend to be sensitive to talks that mention well
> founded estimates of risks and costs.
>
> Cheers,
>
>
> Emile.
>
> --
> E-Advies / Emile van Bergen   |   emile@e-advies.info
> tel. +31 (0)70 3906153        |   http://www.e-advies.info
>


