John Lavin on Mon, 1 Jul 2002 13:39:48 -0400


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] log as root or not ?


> No, it really is less safe, as it really does pass a shared secret
> over the wire, which is a terrible idea under any circumstances. We
> have better ways of handling this situation now, so use them.
Great - I love starting Monday off feeling less secure about my use of
root.  ;-)

> I don't know about you, but my workstation is *clearly* more secure
> than any of the servers I administrate.
Yours probally is, but alot of people don't take security on their
workstations too seriously, or put off hardening it since its "only"
connected periodically.  (You also have the "I have nothing important
enough to steal" excuse)  I shut down every service I don't use and drop
as much incoming traffic as possible, but I am still guilty of putting off
hardening my system.  I don't monitor as well as I should either.  I don't
think I'm the only one ...  so in sometimes, yeah, I could see the
server being more secure in some cases, sure.


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug