Linux Today: Linux News On Internet Time.

More on LinuxToday

Help Net Security: Linux Security: Reflections on 2002

Jan 08, 2003, 10:00 (0 Talkback[s])
(Other stories by Bob Toxen)

[ Thanks to LogError for this link. ]

"I think that the major change in 2002 over 2001 in Linux security was that major heavily-deployed subsystems continued to get more hardened. The recent versions of Sendmail, LPD (Line Printer Daemon), and the commercial (ssh.com) version of SSH suffered no vulnerabilities. This may be a record for these subsystems.

"Non-Windows Apache did suffer the first discovered vulnerabilities in five years with Chunk and SSL. DNS suffered one that would be hard to use if one's firewall is properly configured. While OpenSSH suffered a number of problems, I do not yet consider it secure enough to deploy in 'Production' environments. The ssh.com version is free for Linux, more secure, and easier to use--so use it..."

Complete Story

Related Stories: