Root access removed

Jeff Vian jvian10 at charter.net
Tue May 11 13:45:07 UTC 2004 


Chadley Wilson wrote:

>On Tue, 2004-05-11 at 10:06, Ben Stringer wrote:
>  
>
>>On Tue, 2004-05-11 at 16:23, Chadley Wilson wrote:
>>
>>
>>    
>>
>>>End-users who are new to Linux easy irritated by passwd prompts,
>>>My one customer made a (I think valid ) comment: He said and I quote 
>>>"I should be given the option to choose whether or not I want a passwd
>>>protected system. Why do other people tell me what I need."
>>>      
>>>
>>The simple answer to this is that for systems connected to the internet, 
>>if they become compromised, they can be used to spread more virus' and 
>>spam, so they affect the wider community, not just the owner. 
>>    
>>
>What is wrong with just a good firewall and running DR-WEB to protect
>the PC?
>Just curious :-}
>  
>
Firewalls are good, but there has to be something open to connect to the 
internet.  Have you heard of the nimda virus?  It did not affect linux, 
but there is always a possibility.  And it did not even require one to 
do anything except be connected to the internet.  On a similar note, 
Many web sites run software that is able to menetrate systems that 
happen to be vulnerable to those tools. Simply opening up the web page 
can allow intrusions if the remote site knows how.

My linux PC (in the RH 7.3 days) was hacked into (because of a 
misconfigured firewall) and a root kit installed.  Ant that was with 
passwords, limited services running, and a firewall running.  Is your 
user going to have a *secure* firewall configured.??

Layers of security are much better than one level.  Most businesses that 
have their networks connected to the internet have a firewall -- a DMZ 
with most of their public servers -- another firewall -- then their 
intranet network.  Each layer helps, and they also run IDS systems.
I realize this is overkill for the home user, but as much as possible is 
better than nothing.

>  
>
>>It is 
>>irresponsible to have a PC that is externally accessible poorly secured.
>>The case where the PC is not network-accessible is increasingly a special 
>>case, and a security choice made at installation time may lead to a 
>>compromise later on if the PC is connected to a network.
>>
>>The reasons for not removing separation of privileges is well documented
>>and not specific to Fedora. I'd suggest researching past discussions on this
>>and other lists.
>>
>>Cheers, Ben
>>    
>>

More information about the fedora-list mailing list