[CentOS] Cacti/snmp question
Whit Blauvelt
whit at transpect.com
Wed Jun 16 13:44:45 UTC 2010
On Wed, Jun 16, 2010 at 08:01:26AM -0500, Les Mikesell wrote:
> If have firewalling to protect from security issues, why not just run an older
> version of cacti?
Sensible suggestion. One, it's not obvious where to find an older version.
Two, hours of attempting to get cacti to work have led me to be
underimpressed with the whole project. Three, we have good external
firewalling, and are a small enough shop not to worry about malicious
employees. But if an employee manages to get a virus on their Windows box
due to some new drive by zero day exploit, some viruses probe the LAN with
requests to check if known-vulerable web apps exist there (ahem, this has
happened to us, and I've seen the probes). While we could tighten internal
firewall rules more, bottom line is running known-insecure web apps on an
LAN isn't a brilliant idea, even if I did a few messages back indicate a
willingness to make that compromise.
Whit
More information about the CentOS
mailing list