Timo Schoeler wrote:
thus Robert Moskowitz spake:
Timo Schoeler wrote:
thus Eero Volotinen spake:
Probably not, or someone would have found them in the last five years.
Probably yes, it's hard to security audit complex software packages.
Yes; my bet would be that OpenBSD's smtpd will be the most secure MTA (when it hits the streets for production). That does NOT mean that it is scalable (well, yet to prove).
At least I don't want to run software with poor security track on my public servers.
So you don't run the Linux kernel? Wade through the changelog sometime. Or BIND? It is unrealistic to think large software packages don't have bugs or that they won't be found and fixed over time.
I usually prefer software with a good security track record. Anyway, the kernel is not usually exposed directly to the internet,
An IP stack which is part of the kernel *is* (more or less) directly exposed to the internet as long as there's the appropriate cable connected to that machine.
I am working on Smart Grid and am hearing talk that we can secure the Smart Grid with Layer 2 security and we are done. ARGH!!!! I gave a presentation on this at the 802 meeting last week. Sometimes I feel like I am beating on mush...
Ah, you're talking of 802.1x? Nothing funnier than marketing guys telling you how to secure and run your network. ;)
Worse. 802.1X is admission control. It is NOT Layer 2 security. 802.1AE, 802.11i CCMP are examples of Layer 2 security. Now 802.1X tends to run a Key Management System to provide keying for Layer 2 security.