Security (was Re: smb.conf (a little help please))

[Chong Yu Meng]

On Fri, 2006-07-28 at 14:26 -0700, jdow wrote:

> If someone cracks the firewall and the internal
> Windows machine is more open than usual it's toast. It is also a route
> to toasting the rest of your system if it has too much smb privilege.

Actually, it doesn't even take a hacker to break through a firewall to
get at the computers on the network anymore. One of the many annoyances
that had me pulling my hair in utter frustration when I was
administrator, was the number of times people would download
"screensavers" (with spyware), and visit sites that had malicious
ActiveX content (and they always click "Yes" to install). I once had a
user with literally hundreds of spyware and Trojans on her computer. 

> the solution method potentially opening a VERY easy to
> exploit hole into the Windows machine even if the person who cracked
> the Linux firewall machine can't achieve root. That's a worry. I admit
> it is a small worry. But how else can I maintain my reputation for
> paranoia? {^_-}

Is it paranoia if they are really out to get you? ;)

Actually, paranoia is really good, especially if you are in charge of a
Windows network. Every week brings some new threat, annoyance or breach.
Ensures employment for network administrators everywhere.

-- 
Pascal Chong 
email:  chongym at cymulacrum.net 
web:    http://cymulacrum.net
pgp:    http://cymulacrum.net/pgp/cymulacrum.asc

"La science ne connaît pas de frontière parce que la connaissance
appartient à l’humanité. et que c’est la flamme qui illumine le monde."

-- Louis Pasteur
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060729/214c66a9/attachment-0001.sig>