On Tue, Nov 25, 2008 at 14:58, Jan Klod <janklodvan@×××××.com> wrote:
> Actually, that sounds like there is practically no way to keep a networked
> workstation really secure.

That's kind of outside the realm of this discussion. The difference
between the attack surface of a network interface versus that of a
local application is several orders of magnitude. Local applications
have filesystems, local sockets, shared memory, hardware, and many
other channels they can use to communicate with and subvert others,
whereas a system that is simply networked has a single point of entry.

> As a conclusion of what I have read this far I can state: hardened OS is
> useless for non-server. Would that be too much? Well, I think, in a "black
> and white" no. (later is a discussion of what is better: to have 3 holes or
> 300)

The problem, as I see it, is that you haven't defined your problem
scope. Taking "extra precautions" is nice, but unless you [even
broadly] classify what you consider a viable threat, you're not going
to gain much ground. My advice would be to sit back and try to define
what you're defending against. There are measures you can take, but
blindly applying security policies is more likely to end up with a
broken system than a secure one.