---

Linux.com.sg (Singapore): Regarding Network Security

[ Thanks to Ng Kai
Hoe Raymond
for this link. ]

“The only way to stop these attacks is to update the server
software regularly, so that these hacking programs cannot abuse
those bugs which are now updated and solved. Contrary to popular
romanticized notions, most hackers are not in any way brilliant or
talented, hackers do not need to be talented to follow cookbook
procedures readable from hackers’ websites. However most hackers
are usually gifted in 2 other characteristics, a huge excess of
free time and a great degree of patience.”

I personally think the main philosophy behind network
security is to first deny all server functions and then
subsequently allow the server functions that we cannot do without.
The main motivation behind this philosophy is that if there is no
server functions running in the first place, there is no server
software bug which can be abused, thus reducing the chance of being
hacked to nearly nil.
However, we do know a server without any
functions is practically useless, we have to allow the server to
have certain functions for it to be useful. Such functions can be
email serving or web serving. There is always a compromise between
usability and security. However, upon allowing such server
functions we have to keep the server software updated so that
hackers cannot abuse the bugs that are present in them.”

“Network security is rarely dependent on the operating system
used. Any operating system is insecure out of the box, a system
administrator has to put in the time and effort to disable
unnecessary network services and to patch the operating system and
the server software for any bugs which are found. When a server
gets hacked, it says little about the operating system used but it
says a lot more about the preventive measures that has been taken
against hacking.”

Complete
Story