Re: Security and Testing
On Thu, 17 Mar 2005, Dave Ewart wrote:
> This is not intended as flamebait, but perhaps those who are *really*
> concerned about up-to-date security don't run 'testing ... ? That may
> explain your lack of response.
for me ... i assume the [cr/h]ackers are already inside the network
and is watching and/or sleeping and recording ..
- i work around things based on that assumption
and than gamble with roulette and statistics and probability
and repeatability and ... endless list ...
- i exclude the possibility of any keyboard loggers running on
*nix boxes, and if there was one loaded, all bets are off anyway
( ssh, ssl, nada will help since they got your keystrokes and
mouse clicks )
> Sarge server can be mitigated by having other layers in your security
> model (firewalls etc.) and keeping a close eye on the security
> bulletins.
lots of layers
c ya
alvin
Reply to: