bastille setup concerns
Eric Gilliland
jegilliland at hotmail.com
Thu Dec 27 20:17:51 CST 2001
>See, this is the Microsoft Market - trust someone else to do it for >you,
>trust that they didn't keep a copy of the key.
>
>What about reading throughout the Bastille docs, and looking at the >issues
>they mention one at a time?
Actually, I was planning to read the docs for Bastille before starting it.
If I was really the MS market, I wouldn't even be putting up with the hassle
of trying to learn linux, I'd just update to XP and go about my merry,
clueless way, wouldn't I?
I was only concerned about making the right choices, since my knowledge is
limited at this point.
> > -----Original Message-----
> > From: Eric Gilliland [mailto:jegilliland at hotmail.com]
>
> > I am planning to run the InteractiveBastille tonight after
> > work. I'm not sure your confidence that I know best what
> > should be turned on and off is deserved, but I'll try.
>
>See, this is the Microsoft Market - trust someone else to do it for you,
>trust that they didn't keep a copy of the key.
>
>What about reading throughout the Bastille docs, and looking at the issues
>they mention one at a time?
>
>I know that if this is your only PC, and it's front-line on the Internet
>without a firewall or anything, you're taking a risk. That's why I try to
>get people to learn Linux on a non-production non-essential box, so there's
>no pressure to use configuration programs that "think for you", and you can
>learn what you're doing and why.
>
>I know of a company that's trying to roll out VPN, and they're having Zone
>Alarm installed on each system. Great for you or me - lots of features,
>logging and reporting. But I'm dealing with people who can't follow three
>lines of literal instructions every day, and putting Zone Alarm on their
>computer is basically signing up for hours of service calls. It would be
>more cost effective to give them each an SMC Barricade with remote admin
>enabled.
>
>You should consider this - build a very basic Linux firewall, with the LRP
>or following a HOWTO that will walk you through the steps one-by-one. Then
>put your workstation behind it, and start looking at security HOWTO's and
>stuff like Bastille, and figure out just how much of the admin you want to
>turn over to some stranger in France or Redmond.
>
>The first thing I do is I rip out linuxconf, and anything else that has
>it's
>own config scheme that overwrites the settings of the standard, text-based
>config files. Then _I_ set up xinetd, _I_ set up the firewall rules, and I
>go one step at a time through securing what needs to be secured.
>
>Bastille is great, but if you read it carefully you'll find out that
>there's
>a bunch of stuff you don't need to worry about.
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
More information about the Kclug
mailing list