From: Buchan Milne (bgmilnecae.co.za)
Date: Thu Jan 17 2002 - 09:35:41 CST


    Denis HAVLIK wrote:

    > On Thu, 17 Jan 2002, Buchan Milne wrote:
    >
    > + So, in light of this kind of question, would it be worthwhile to set up a
    > + set of guidelines for what kinds of questions experts should be
    > + comfortable in NOT answering, and maybe a page on mandrakesecure.net
    > + explaining why such questions will not be answered?
    > +
    > + Comments?
    >
    > Can I quote this letter on MandrakeForum? I love the story, and we may
    > even get some comments saying "what else should NOT be answered".

    Not yet, I have a lot more to write .... see below. This will probably
    be another long one like my samba-2.2.2 article (which is now at about
    no12 by hits!)

    >
    > But: I do NOT believe in security by obscurity. I NEED to know how to
    > make root telnet login possible, in order to know how to forbid it, and
    > this knowledge may make me a better sysadmin in the end...

    True, but is this necessarily a good thing when probably helping an
    inexperienced, non-security-conscious user actually implement this on a
    real network? I agree that such things are useful as teaching aids as to
    how the system works (granted that the whole network is secure - ie 2
    machines only, no modem or other net connection), but should never be
    implemented on a production/personal(with important docs) machine. If
    the user had said:

    I am building a honeynet, and want to try and trap potential
    script-kiddies, then the securetty(5) hint should have been enough of a hint.

    You know what the only secure computer in the world is, don't you? The
    one with no users logged in, no network connections, locked in a safe,
    and turned off! That is the only machine I would enable root telnet
    access on!

    > However, the best way to answer questions has always been pointing people
    > to relevant documents - I bet that Mandrakesecure, MandrakeUser and
    > MandrakeForum documentation covers 90% of the questions which appear on
    > the "Expert", and we should work in the direction of covering more and
    > more questions with pre-made answers rather than wasting time on
    > actually WRITING it over and over again.

    Which is exactly why mandrakeexpert needs to FORCE someone to search
    through:
    -mandrakeuser
    -mandrakeexpert archived questions.
    -mandrakesecure
    -errata page
    during the process of adding their question.

    Also, if users are accessing archived questions on mandrakeexpert, they
    should be able to rate an answer (particularly the really good ones),
    which should contribute to the score of the author.

    Buchan

    -- 
    |----------------Registered Linux User #182071-----------------|
    Buchan Milne                Mechanical Engineer, Network Manager
    Cellphone * Work       +27 82 472 2231 * +27 21 808 2497 ext 202
    Stellenbosch Automotive Engineering         http://www.cae.co.za
    
