Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Security-Discuss] MDK Update And Shorewall
From: steve szmidt (steveszmidt.org)
Date: Wed Sep 22 2004 - 12:25:37 CDT
On Wednesday 22 September 2004 12:11 pm, Matt Parker wrote:
> On Wednesday 22 Sep 2004 16:53, steve szmidt wrote:
> > I agree that it would have been better if it automatically closed the
> > connection before removing the fw. Though most sensible network admins
> > disconnect the network cable before doing any kind of firewall upgrade.
> In which case, how do I use Mandrake-Update to connect and get the updates?
> This breaks the pattern of how Mandrake-Update normally works - normally
> the update is downloaded with the current package still running, then you
> restart the services that have been updated. In order to do it the way you
> suggest (and how I'm going to do it in the future) I'd have had to note
> down what packages were going to be updated, then download from an FTP
> mirror and manually install.
I don't run automatic update. I look at the packages available and select the
ones I want. This way I can do the firewall seperately.
At the same time I agree that some better logic should be applied by MDK. No
reason it could not stop the NIC while doing that type of work. But that's no
excuse not to be proactive about your own network security.
Of course when dealing with people who don't do this kind of thing every day,
MDK ought to realize as they are the most knowledgeable, so they need to be
more responsible towards endusers.
Security needs to be approached in a multilayer fashion. It cannot be given
away and be ignored by anyone. Fortunately you spotted what happend and can
take different actions for the next update. Hopefully MDK will also improve
their way of handling this kind of thing.
"They that would give up essential liberty for temporary safety
deserve neither liberty nor safety."
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com