From release notes for FC5T3 (web)
Les Mikesell
lesmikesell at gmail.com
Wed Mar 8 06:41:05 UTC 2006
On Tue, 2006-03-07 at 23:48, Michael H. Warfield wrote:
> You want to ignore fundamental security principles at your convenience
> and use other security vectors and principles as your defense. You've
> got a "patch it" mentality. Patch it and you can ignore other basic
> security principles.
More to the point, you can actually use the service when you
need it.
> But modern security takes "defense in depth" as
> axiomatic. This you choose to ignore. Ignore it at your peril.
What you are ignoring is that if nobody runs services they
won't be fixed when you do have a need for them.
> Patching helps, but defend against the unknown holes as well.
> Firewalls help, but so does tcpwrappers. They do the same things but
> differently. So use them both. When one thing fails, the next defends
> you. They can't break in through something you didn't install. If they
> break in, they can't exploit some stupid asinine local exploit to gain
> root and install a root kit on your ass. It happens. It has happened
> and it will happen.
And it will keep happening until the code is fixed. Then it stops
happening. The code won't be fixed if no one runs it.
--
Les Mikesell
lesmikesell at gmail.com