Really, thats why the Tek....(maven, doubt that) name is pasted all over the linux forum.

No insult intended, you will just need a different knowledge set to talk about actual system security. If you have this knowledge and are just holding back, then the question is "why?" if you don't have it, you add no value to the conversation in your current state.

It really bugs me when people try to spin someone making an objective statement about their level of knowledge as an insult, but whatever makes you feel better about the situation I guess. I merely ask that you try and take what I say at face value.

*benefit of the doubt*
How do you feel that Linux's access control system compares to NT's? Do you have any thoughts on how these differences may vary as systems get more and more distributed with concepts like ASP and whatnot?
It is my belief that Linux's lack of both modular and centralized granularity of not only access controls but privileges as well will continually force security controls further and further away from the security kernel itself leading to a lower level of assurance across the enterprise resulting in a greater chance of inside compromise and a greater reliance on secure applications. All though this may make specific aspects of development and administration simpler, such that different admins can be responsible for different applications and development is simpler as fewer centralized security restrictions are in place. (Confused yet?)
The only correction I can see to this situation is the removal of the concept of "root" in Linux and the addition of more Harrison, Ruzzo, Ullman influenced access controls allowing greater control of specific resources while ensuring those rights are not propagated beyond their original design.
Now obviously if the Linux security model is followed application bugs will be even more critical than the currently are. I for one feel this is a bad situation as explained above. Naturally the migration to centralized trusted operating systems as access control servers would be ideal, but this would tend to be an impractical and unjustified expense for most organizations.

I'd love to hear your thoughts on the subject.

(your 50 character post)Oh yeah, pls dont answer a question with a question again! It makes you look like you don't know what your talking about. :lol:

Even though I know your banned, your yet you give any proof of your ideas. All you have done is ranted about mindless stuff.

When your unbanned, please show some evidence, and don't flame anyone.

quotes:
I completely agree. If I mess up a setting in Linux, I find that my whole Operating System may not be able to boot, with no way of fixing it.

Just so you know, I'm pretty good at everything Linux. I've been using it on and off for a few years - I'm no newbie by any definition. I'm sure that your set of computer knowledge is a subset of mine.

When your unbanned, please show some evidence, and don't flame anyone.

If you are so good at linux, then how do you mess up a setting that makes your system unbootable, and you can't fix it? Just curious. Also, if you are a moderator here, then why are you putting someone down by saying their knowledge is a subset of yours? And then you tell someone not to flame anyone. Whats up with that? How old are you?
Like I stated before, use the system that will work best for you, and if you want to expand your knowledge, then you can try other systems. To each his own.

I only put people down when I feel they have insulted me, my friends or my beliefs. I made that remark only because of his big statements - with no proof or study backing him up.

I completely agree with your thoughts. I have a mostly Windows network at home, but I do have a Novell NetWare server, and a NAT/DHCP/Firewall machine running Linux (The Smoothwall Distro).

Use what you like, when you see fit. Thats all.

Okay, this thread is *this* close to being locked. Tek, 2 wrongs don't make a right. As a moderator, you should be the first person to uphold all forum rules. You can't go and ban a guy for saying something nasty about someone and then go say something nasty about the guy you just banned for the exact same reason.

The only reason I'm saying this to the public is because I want everyone to understand that we all have to uphold the forum rules and that this is strictly enforced.

Please make this an intelligent debate.

Sorry if I hijacked this thread. I myself don't like to see a flaming war between anybody. If there is another way to communicate with someone, let me know. There are times when something that might need to be communicated, but not out in the open.

Sure, private messaging is available on the forums. There are multiple ways to do so:
Click the "Private Messages" link in the box below the navigation header on top of every page. Click the "User Control Panel" in the nav bar and then browse to private messages. Or click a member's username while viewing their post and click on "Send a private message"

Click the following link for more information.
http://www.daniweb.com/techtalkforum..._vb_pm_explain

Thanks cscgal, I quess I should look around this site for more info.

Where is this going, with the security side of things?

For one, OpenBSD isn't Linux-- it's just another Free OS. The reason it's called "secure by default" is because when you install it, it's got every port closed on it with the exception of port 22, SSH, which is audited for security holes, and can, for all intensive purposes, be considered secure in itself.

But, for logging, it's always sufficed for me. Nearly every network service has the ability to log events like successful/failed logon attempts and access violations. If it doesn't have that function, you'd be silly, IMHO, to use it. My personal opinion has always been that a newbie shouldn't run a server on the internet without fully knowing the implications of doing so. Sure, you can configure any system to be insecure, so "secure by default" is just a baseline, so to speak, that you can be assured of when installing that system.

I would, however, have to agree on the access control lists side. General rwxrwxrwx UNIX permissions can be a little cumbersome. I'm not up to speed on some commercial UNIX implementations, but I do believe that many of them now have support for ACLs in them. There are projects in the works to incorporate ACL support in Linux, and all of the BSDs, if I'm not mistaken. There are some ways around this, NIS, for example, where you can put groups within groups, thus giving you finer and easier control over who has access to what. With the way UNIX permissions are right now, you are still able to assign different users different roles in configuration, just by setting different file permissions.

Personally, I don't mind the root account. If you configure your system properly and keep on top of the latest patches for whatever services you're running, you shouldn't be too concerned about people gaining escalated priviledges on your system. If the admin of the system is judicious about when to use and when not to use the root account, then that's just another way to keep the system safer.

Really, we shouldn't be looking at whether a system's secure "by default" when we set up a server. We should instead be looking at how secure we can make it from an out-of-the-box state. If you look at it like that, you can pretty much lock down any server.

Tekmaven vbmenu_register("postmenu_3714", true); njwnews never said he had 120gigs of ram ,he said he had a 120gig hard disk:!: :cheesy: