Date: Wed, 10 Jan 2007 11:44:17 -0500 From: "N.J. Thomas" <njt@ayvali.org> To: VeeJay <maanjee@gmail.com>, FreeBSD-Questions <freebsd-questions@freebsd.org> Subject: Re: How dangerous a Standard User could be to a FreeBSD box? Message-ID: <20070110164417.GB579@ayvali.org> In-Reply-To: <2cd0a0da0701100424y1f15717es81a7536c1e1e5a9a@mail.gmail.com> References: <2cd0a0da0701100424y1f15717es81a7536c1e1e5a9a@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* VeeJay <maanjee@gmail.com> [2007-01-10 13:24:22 +0100]:
> How dangerous a Standard User could be to a FreeBSD box?
Like another poster mentioned, it depends on a variety of factors. Three
things I can suggest to help you minimize security risks from local
users:
- keep your machine and software packages updated
- have policies and procedures in place detailing an Acceptable Use
Policy (AUP) and the consequences of violating them; and use it
when you have to (a lot of places have a ton of elaborate and
well-written AUPs which are never enforced)
- keep your user "shell" machines completely separate from your
other servers (web, imap, et al.), separate boxes, separate subnet,
separate passwords, etc.;
this should be obvious, but a lot of people run a lot of critical
services on the same machines that they allow users access to and
then they are surprised when a fork bomb takes down their mail
infrastructure
hth,
Thomas
--
N.J. Thomas
njt@ayvali.org
Etiamsi occiderit me, in ipso sperabo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070110164417.GB579>