Linux.com.sg (Singapore): Regarding Network SecurityNov 02, 1999, 20:18 (1 Talkback[s])
(Other stories by Ng Kai Hoe Raymond)
[ Thanks to Ng Kai Hoe Raymond for this link. ]
"The only way to stop these attacks is to update the server software regularly, so that these hacking programs cannot abuse those bugs which are now updated and solved. Contrary to popular romanticized notions, most hackers are not in any way brilliant or talented, hackers do not need to be talented to follow cookbook procedures readable from hackers' websites. However most hackers are usually gifted in 2 other characteristics, a huge excess of free time and a great degree of patience."
"I personally think the main philosophy behind network security is to first deny all server functions and then subsequently allow the server functions that we cannot do without. The main motivation behind this philosophy is that if there is no server functions running in the first place, there is no server software bug which can be abused, thus reducing the chance of being hacked to nearly nil. However, we do know a server without any functions is practically useless, we have to allow the server to have certain functions for it to be useful. Such functions can be email serving or web serving. There is always a compromise between usability and security. However, upon allowing such server functions we have to keep the server software updated so that hackers cannot abuse the bugs that are present in them."
"Network security is rarely dependent on the operating system used. Any operating system is insecure out of the box, a system administrator has to put in the time and effort to disable unnecessary network services and to patch the operating system and the server software for any bugs which are found. When a server gets hacked, it says little about the operating system used but it says a lot more about the preventive measures that has been taken against hacking."