Date: Mon, 8 Jul 1996 10:51:53 -0400 (EDT)
From: Bruce Walter <walter@biostat.sph.unc.edu>
To: stable@freebsd.org
Subject: Re: smrsh
Message-ID: <Pine.BSF.3.94.960708103338.10306B-100000@onyx.bios.unc.edu>
In-Reply-To: <Pine.A32.3.91.960708091835.15515C-100000@biblioteca.campus.unal.edu.co>

> It is imperative that wrapper is compiled with sendmail, and distributed
> in this way.

Pedro,

The sad news (and bottom line) is that irregardless of compiling new
sendmails and using tcp wrappers and whatever else, it is extremely hard
to maintain a secure system. Whenever you have to open the doors to
anyone, you're taking a risk. That's why security experts make $$$$.

> A final user shouldn't have to recompile sendmail if he wants his machine
> secured!

That is unrealistic. Unix, as friendly as it has gotten, requires regular
setup and maintenance for day-to-day operation, much less security. Any
other concept is a pipe dream. And to put your faith in a pre-canned
security schema is NOT viable. If you are REQUIRED to provide a
bulletproof secured system, compiling a new sendmail shouldn't be a
problem for you. If it is, there are probably thirty other holes just
waiting to be exploited.

The BOTTOM LINE, folks, is that it's a constant effort to maintain
security. The emphasis in the last sentence goes on EFFORT. It requires
keeping up to date with sendmail releases, and YP fixes and about a
zillion other factors. THIS CANNOT BE EXPECTED OUT OF THE BOX!!!

Keep current with CERT and your software. Shut down insecure services.
Force regular password changes. And, most importantly, keep regular
backups because there is almost always a hole somewhere.

- Bruce

========================================================================
|| Bruce Walter                   || CB #7400 McGavran-Greenberg Hall ||
|| Information Technology Support || Chapel Hill, NC 27599-7400       ||
|| Department of Biostatistics    || Tel: 919-966-7279                ||
|| University of North Carolina   || Fax: 919-966-3804                ||
========================================================================
||        BSD Unix -- It's not just a job, it's a way of life!        ||
========================================================================