Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling
 
PerlMonks  

Re: Security matters: keep thy doors closed!

by cjf (Parson)
on Jun 14, 2002 at 14:40 UTC ( [id://174537]=note: print w/replies, xml ) Need Help??


in reply to Security matters: keep thy doors closed!

As it appears, there really is no web site at this point that could claim to be 100% hacker proof.

Many try, none succeed. People can grasp that it's impossible to prove a program has no bugs, why can't they understand you can't prove something is 100% secure?

I’m wondering what are the steps undertaken to make this monastery secure, for example?

Obscurity. The code is only provided to a select group of people. Or maybe that detracts from it's security, you be the judge.

Some of the things to watch out for are...

Disable all services you don't need, choose your software carefully, implement a good security policy, and keep up to date with all the patches. Security is very simple.

And a few links from my homenode:

A super search for security on this site will also turn up many relevant nodes.

Update: Oops, I forgot to flame you for using the term hacker to refer to crackers. Consider yourself flamed ;).

YAU: to clarify the point on obscurity, yes the everything engine this site runs on is open source. However, last time I asked, the modified version that runs Perlmonks is not available to just anyone. Like I said, this has it's advantages and disadvantages.

  • Comment on Re: Security matters: keep thy doors closed!

Replies are listed 'Best First'.
Re: Re: Security matters: keep thy doors closed!
by vladb (Vicar) on Jun 14, 2002 at 15:07 UTC
    Oops, I actually realized that my use of 'hacker' in place of the proper term 'cracker' would be subject to ridicule ;-). I recall now that I too had a significant fight (friendly) with a friend of mine over his misuse of the word 'hacker'. And how could I miss it now myself! rofl. I agree that the proper word to use is 'cracker' after all. However, isn't 'cracker' = 'malicious hacker'?

    Thanks a million for your reply, cjf. It is (not surprisingly) thorough and to the point. I'll take some time to go over the links you've provided here.

    _____________________ 
    # Under Construction

    [download]
[reply]
[d/l]
      However, isn't 'cracker' = 'malicious hacker'?

      The exact definition of a cracker as provided by the jargon file is "One who breaks security on a system." However it also notes that a hacker is, among other things, "A person who enjoys exploring the details of programmable systems and how to stretch their capabilities."

      It's easy to see how the two definitions can overlap. If I break the security of a system which I am authorized to perform a security audit on, which am I? This isn't a very important difference, the main distinction is more or less based on legality (although there are several exceptions).

      This may all sound very trivial, it's just a word right? Consider if in a year the major media outlets started using the term "programmer" to refer to computer criminals. Why change the meaning of a word because some reporters don't know what they're talking about?

[reply]
        I think the diference between hackers and crackers is that a cracker who compromised a system would trash it or damage it (e.g. change passwords, install root kit, etc.) a hacker wouldn't do these things and merley compromises the system to test it or for the fun of it.

        ~~rob
        ____________________________________________________________
        eval pack "h*", "072796e647022245d445f475454494c5e622b3";

[reply]
Re: Re: Security matters: keep thy doors closed!
by theorbtwo (Prior) on Jun 14, 2002 at 21:45 UTC

    You are indeed correct in your Yet Another Update; the source is available to pmdevils and gods, and patches can be submitted by pmdevils, but only applied by gods.

    I thought this was a bad thing (see my bigest XP sink, Let the doors open Wide), but have since reconsidered -- reading the changelogs and seeing the number of security bugs fixed since then makes me belive that opening the source to randoms would increase greatly the risk of being hacked by trolls.

    We are using here a powerful strategy of synthesis: wishful thinking. -- The Wizard Book

[reply]
Re: Re: Security matters: keep thy doors closed!
by BigJoe (Curate) on Jun 15, 2002 at 09:04 UTC
    If systems were secure people like us wouldn't have jobs. So maybe MS isn't such a bad company the keep the IT sector booming with new security jobs(chasing the wild goose).

    --BigJoe

    Learn patience, you must.
    Young PerlMonk, craves Not these things.
    Use the source Luke.
[reply]
      So maybe MS isn't such a bad company the keep the IT sector booming with new security jobs

      If Microsoft went out of business (something that will happen soon after the insurance companies get their act together) there would be just as many, if not more security jobs.

      This is partially due to the growth rate of the security industry, and partially due to the fact that a poorly configured Linux/BSD/whatever system is at least as vulnerable as a well maintained Microsoft system. Individual system security is also only a small part of the industry.

[reply]

In Section Meditations

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://174537]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others browsing the Monastery: (3)
As of 2024-04-16 06:24 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found