“Both Windows NT and Linux install many unnecessary, non secure
services by default (think SMTP Message Transfer Agents, Telnet and
FTP servers, and news servers). Administrators should strive to
keep as little as possible on each server. The fewer windows for
opportunity, the better.”
“The hack that felled www.hackpcweek.com teaches a very
important lesson: Security doesn’t stop at the operating
system.“
“Also contributing to the hacker’s success were incomplete
security updates on our test site. At the time we began the tests,
Red Hat Software Inc. had 21 security updates available for Red Hat
6.0, which had been out for only a couple of months. (PC Week Labs
will apply the patches to the Linux server and update the scripts
for further testing.) While any operating system needs patches and
updates, there is no central repository for testing or approving
patches to the Linux system. Kernel patches can be obtained from a
verified source such as kernel.org, but most other components have
no central infrastructure.”