Really, that's why the Tek....(maven, doubt that) name is pasted all over the Linux forum.
No insult intended, you will just need a different knowledge set to talk about actual system security. If you have this knowledge and are just holding back, then the question is "why?" If you don't have it, you add no value to the conversation in your current state.
It really bugs me when people try to spin someone making an objective statement about their level of knowledge as an insult, but whatever makes you feel better about the situation I guess. I merely ask that you try and take what I say at face value.
*benefit of the doubt*
How do you feel that Linux's access control system compares to NT's? Do you have any thoughts on how these differences may vary as systems get more and more distributed with concepts like ASP and whatnot?
It is my belief that Linux's lack of both modular and centralized granularity of not only access controls but privileges as well will continually force security controls further and further away from the security kernel itself leading to a lower level of assurance across the enterprise resulting in a greater chance of inside compromise and a greater reliance on secure applications. Although this may make specific aspects of development and administration simpler, such that different admins can be responsible for different applications and development is simpler as fewer centralized security restrictions are in place. (Confused yet?)
The only correction I can see to this situation is the removal of the concept of "root" in Linux and the addition of more Harrison, Ruzzo, Ullman influenced access controls allowing greater control of specific resources while ensuring those rights are not propagated beyond their original design.
Now obviously if the Linux security model is followed, application bugs will be even more critical than they currently are. I for one feel this is a bad situation as explained above. Naturally the migration to centralized trusted operating systems as access control servers would be ideal, but this would tend to be an impractical and unjustified expense for most organizations.
I'd love to hear your thoughts on the subject.
(your 50 character post) Oh yeah, pls don't answer a question with a question again! It makes you look like you don't know what you're talking about. :lol: