| 1 |
On Tue, Nov 25, 2008 at 14:58, Jan Klod <janklodvan@×××××.com> wrote: |
| 2 |
> Actually, that sound like there is practically no way to keep networked |
| 3 |
> workstation really secure. |
| 4 |
|
| 5 |
That's kind of outside the realm of this discussion. The difference |
| 6 |
between the attack surface of a network interface versus that of a |
| 7 |
local application is several orders of magnitude. Local applications |
| 8 |
have filesystems, local sockets, shared memory, hardware, and many |
| 9 |
other channels they can use to communicate with and subvert others, |
| 10 |
whereas a system that is simply networked has a single point of entry. |
| 11 |
|
| 12 |
> As a conclusion of what I have read this far I can state: hardened OS is |
| 13 |
> useless for non-server. Would that be too much? Well, I think, in a "black |
| 14 |
> and white" no. (later is a discussion of what is better: to have 3 holes or |
| 15 |
> 300) |
| 16 |
|
| 17 |
The problem, as I see it, is that you haven't defined your problem |
| 18 |
scope. Taking "extra precautions" is nice, but unless you [even |
| 19 |
broadly] classify what you consider a viable threat, you're not going |
| 20 |
to gain much ground. My advice would be to sit back and try to define |
| 21 |
what you're defending against. There are measures you can take, but |
| 22 |
blindly applying security policies is more likely to end up with a |
| 23 |
broken system than a secure one. |
Archives