FC3 Security
Robin Laing
Robin.Laing at drdc-rddc.gc.ca
Wed Mar 9 17:59:30 UTC 2005
James Wilkinson wrote:
> Jeff Kinz wrote:
>
>>Any IT dept that equates sshd to a server is either not up to snuff
>>technically (and in a really bad way.), or they are being duplicitous.
>>(Thats another word for lying)
>
>
> If it's open to the outside world? Yes, I'd call that a server. There
> have been remote security vulnerabilities in both OpenSSH and SSH.com's
> offerings. And I'd want to be sure that the box was being looked after,
> had sensible passwords, and was being patched promptly.
>
> "Server" doesn't necessarily mean high-bandwidth. But it does mean
> certain security assumptions.
>
> James.
>
But from the original post, all computers are open to the outside
world and the users are responsible for their own security and have to
run their own firewalls. I may have misunderstood this point but to
me this is a major security risk from the get go in a Windows
environment. One professor or student re-installing their OS but not
the updates and poof, all hell breaks loose.
My short experience with Windows after win3.11 is limited but in all
cases it was a nightmare with virus and Trojans being caught by
anti-virus software on an almost daily basis in an organization behind
a firewall.
--
Robin Laing
More information about the fedora-list
mailing list