public inbox for gentoo-hardened@lists.gentoo.org
From: RB <aoz.syn@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] hardened workstation - is that worth it?
Date: Tue, 25 Nov 2008 15:14:47 -0700
Message-ID: <4255c2570811251414p5e437865me4149d45a9f961f4@mail.gmail.com>
In-Reply-To: <200811252158.06957.janklodvan@gmail.com>

On Tue, Nov 25, 2008 at 14:58, Jan Klod <janklodvan@gmail.com> wrote:
> Actually, that sounds like there is practically no way to keep a networked
> workstation really secure.

That's kind of outside the realm of this discussion.  The difference
between the attack surface of a network interface versus that of a
local application is several orders of magnitude.  Local applications
have filesystems, local sockets, shared memory, hardware, and many
other channels they can use to communicate with and subvert others,
whereas a system that is simply networked has a single point of entry.

> As a conclusion of what I have read this far I can state: hardened OS is
> useless for non-server. Would that be too much? Well, I think, in a "black
> and white" no. (later is a discussion of what is better: to have 3 holes or
> 300)

The problem, as I see it, is that you haven't defined your problem
scope.  Taking "extra precautions" is nice, but unless you [even
broadly] classify what you consider a viable threat, you're not going
to gain much ground.  My advice would be to sit back and try to define
what you're defending against.  There are measures you can take, but
blindly applying security policies is more likely to end up with a
broken system than a secure one.


