[Nottingham] Mail? and services hardening

lists at voila.fr lists at voila.fr
Fri Sep 24 20:43:33 BST 2004


> It also gives something else to think about with security and 
> firewalls, any service like mail (is sendmail the old version?) on a 
> network computer makes it more vulnerable, so if the box is on the 
> internet you'll want to make sure you keep it fully patched. 
> Alternatively have a firewall protecting the service from the internet. 
> My firm's hardening standards require that mail and any other 
> "unnecessary" service is not started.
> 
I've ranted about this before and I'll rant again. It shouldn't be a hardening standard that has to explain what should be installed on a *nix box. Sensible sys admins shouldn't install everything and then remmove stuff, they should start with the minimal bare bones install and then only add what is needed for whatever server or workstation they are going to setup. This is after all for a company, that I presume is trying to make some money, and that doesn't want sendmail, telnet, or a bloody SETI daemon running on a production box.

Sorry, 

Matt


------------------------------------------

Faites un voeu et puis Voila ! www.voila.fr 





More information about the Nottingham mailing list