Re: [support@backup.hmdc.harvard.edu: [hmdc.harvard.edu #4073] FYI: mon]
On Thu, 11 Sep 2003 01:03, Theodore J. Knab wrote:
> Some of you might find this one interesting.
>
> In a world where IT security sometimes means keeping services out of
> sight. Both Harvard and MIT advertise everything they have up and
> running.
I don't think that letting people know which servers are online is a problem.
If they are secure then it's fine, if they aren't then security by obscurity
never did any good.
However if someone wants to mount an attack that requires spoofing IP
addresses etc, then having current ping times etc displayed can really make
it a lot easier...
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: