note
arhuman
<b>I totally agree with you when you say that we must be security aware.</b><br>
<br>
<b>However</b>, I real life you just CAN'T always setup the adequate security level.<br>
<br>
I mean security is almost always a tradeoff for ease of use...<br>
<br>
Of course you can recompile your kernel adding various security patches, audit your sources, log everything on your box,<br>
changes your password to a random one every week (and Remember it), disable all unused ports,<br>
set up a tcpwrapper AND a firewall, use secure protocol (ssh, IMAP(?)) and forbid the insecure ones (telnet, ftp...),<br>
you can spend 2 hours a day browsing for security holes on vulnerability lists and patching all your proggies to new versions...<br>
<br>
But will it be necessary for single user box, with no sensitive data and connected few hours a day to the net ?<br>
Even if some of you scream 'YES' the answer is 'no' (mainly
beccause of the hours lost in the patching/upgrading work ;-)<br>
<br>
Security must be adapted to the level of security you NEED.<br>
<br>
Enhance the security where it's necessary (or at least where it's the most efficient).<br>
<br>
Don't ge me wrong ! in a perfect world (where I would get paid to do it full time with skillfull user accepting the drawbacks)<br>
the 'everything should be secure' policy would be fine.<br>
Sadly, My boss think my job is to code as much as I can, and allow me almost no time to administer 5 servers and several workstations.<br>
My users say SCP is too complex and that they WANT to use their (unsecure) AceFTP client.<br>
So in this world I have to carefully use the few time I have to enhance the security with a maximum efficiency (with the little time/resource I have).<br>
<br>
So IMHO, even If you must be always security aware, there are some things that you can't afford to do.<br>
<br>
It remembers me the ([Merlyn]?) 10/10 rules about 'use strict' stating that any script with more than 10 lines<br>
or running more than 10 times should be using use strict.<br>
We should always use the strict pragmata, but we can't afford it for simple case...<br>
<br>
Have you ever wonder why there are so few b1 compliant computers ?<br>
It's only beccause REAL security make the use of a computer REALLY horrible.<br>
<br>
So even if it's not so clear, here is my message :<br>
<br><b>
Be security aware, especially beccause you CAN'T reach true security, and try to make things as secure AND easy AS YOU CAN.</b><br>
<br>"Trying to be a SMART lamer" (thanx to <a href="/index.pl?node=Merlyn&lastnode_id=1072">Merlyn</a> ;-)<br>
64670
64670