2010/12/1 Nico Kadel-Garcia nkadel@gmail.com:
Anyone willing to contribute funds (or time) to such a study? It would be an educational experience and good PR, at the least.
Oh, I know the holes and which would be straightforward to get to. There's generally enough lower hanging fruit with NFS stored passwords, email with passwords, and poorly managed elevation via SSH keys as policies before I even got there that this protection is like putting a bike lock on a jello mold.
How about a production-like server:
- firewall installed
- selinux disabled
- all services except ssh and httpd disabled -> sshd login enabled only with ssh keys and httpd protected via mod_security?
- cis hardened fixes applied to os
- latest kernel patches applied
-- Eero
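A defender's check for the "sshd login enabled only with ssh keys" item in the list above, added here as an example and not taken from the thread. It assumes a plain sshd_config without Match blocks (anything after a Match line is ignored) and emulates sshd's rule that the first value given for a keyword wins; the sample configs are constructed.

```sh
#!/bin/sh
# Audit an sshd_config for a keys-only login policy.
# sshd_config keywords are case-insensitive and the FIRST occurrence wins,
# so a later duplicate does not override an earlier one.
sshd_opt() {
  # $1 = config file, $2 = keyword, $3 = default used when the keyword is absent
  v=$(awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*#/ || NF < 2 { next }
    tolower($1) == "match" { exit }          # Match blocks are out of scope here
    tolower($1) == k { print tolower($2); exit }' "$1")
  [ -n "$v" ] && printf '%s\n' "$v" || printf '%s\n' "$3"
}

# Returns 0 when the file enforces key-only logins, 1 otherwise (reasons on stdout).
check_keys_only() {
  f="$1"; ok=0
  [ "$(sshd_opt "$f" PubkeyAuthentication yes)" = yes ] || { echo "pubkey auth disabled"; ok=1; }
  [ "$(sshd_opt "$f" PasswordAuthentication yes)" = no ] || { echo "password auth still on"; ok=1; }
  # With UsePAM, keyboard-interactive can still prompt for a password,
  # so PasswordAuthentication=no alone is not enough.
  [ "$(sshd_opt "$f" ChallengeResponseAuthentication yes)" = no ] || { echo "challenge-response auth still on"; ok=1; }
  return $ok
}

# Constructed sample configs (not from any real host).
weak=$(mktemp); hard=$(mktemp)
cat > "$weak" <<'EOF'
# stock-like config: passwords still accepted
PubkeyAuthentication yes
PasswordAuthentication yes
EOF
cat > "$hard" <<'EOF'
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
# later duplicate is ignored by sshd: first value wins
PasswordAuthentication yes
EOF

for f in "$weak" "$hard"; do
  if check_keys_only "$f"; then echo "$f: keys-only OK"; else echo "$f: NOT keys-only"; fi
done
```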