Security....

James Wilkinson james at westexe.demon.co.uk
Wed Oct 27 12:45:47 UTC 2004


Jim Higson wrote (about SSH):
> Out of curiosity, how much does it really matter so long as you have strong 
> passwords?
> 
> If security holes are discovered in ssh, then sure, someone who knows what 
> they're doing might be able to gain access. But then someone qualified enough 
> to find new holes in ssh won't be targeting my desktop box, or the http 
> server for a small business.
> 
> In general isn't ssh pretty secure, and aren't security fixes normally issued 
> before the script kiddies get hold of an exploit?

Yes.

But how quick are you on the patch?

If you're going to configure yum to automatically install new versions,
you're *probably* OK. If you leave installing patches until you've had a
chance to manually review them, and go away for a week or two, and a
patch comes out the first Monday you're away...

(And it's always possible for your yum mirror to be taken off-line on
the Sunday: always configure at least two mirrors if you want unattended
operation. And *check your logs!*)

Security is never an absolute: what you are doing is managing risk. In
this case, there is very little risk (with decent passwords), but there
is some.

James.
-- 
E-mail address: james |  ... taking out three "redundant" fiber backbones
@westexe.demon.co.uk  | buried in the same trench with a backhoe.
                      |    Why they buried the backhoe there, I'll never know.
                      |    -- Bruce Tomlin



