Discussion on:
View:
Show:
Part of my inspiration for this article was my dismay with the way Ubuntu misuses sudo -- and the way people actually argue it's somehow more secure than other, more traditional means of managing administrative privileges. I expect to take some flak for suggesting Ubuntu isn't the Second Coming of the mythic "perfect" OS, but that's a risk I'm willing to take. Someone has to say it.
both of us have said that before about Ubuntu. 
if they are to stupid to open their eyes, then they need to get screwed because of piss poor security design of the distro.
if they are to stupid to open their eyes, then they need to get screwed because of piss poor security design of the distro.
is windows appliance users, I always consider it interesting that a lot of the things they introduce to achieve that violate basic security principles.
I know you can put su back togther in it, but out of the box it's less secure. In my eyes if they've done something like that in one place, they've done it in others, so I won't touch it.
I know you can put su back togther in it, but out of the box it's less secure. In my eyes if they've done something like that in one place, they've done it in others, so I won't touch it.
it just isn't worth the effort to go though and fix their mistakes, when there are many distros that don't make those significant errors to choose instead.
Tweak the /etc/ssh/sshd_config file
Change the "PermitRootLogin" to "no"
---------------------
# Authentication:
#LoginGraceTime 120
PermitRootLogin no
#StrictModes yes
---------------------
then restart sshd service
Other:
Disable telnet
Secure VNC (or do not use VNC)
Change the "PermitRootLogin" to "no"
---------------------
# Authentication:
#LoginGraceTime 120
PermitRootLogin no
#StrictModes yes
---------------------
then restart sshd service
Other:
Disable telnet
Secure VNC (or do not use VNC)
edit /etc/pam.d/gdm
uncomment out or add the following line:
auth required pam_succeed_if.so user != root quiet
uncomment out or add the following line:
auth required pam_succeed_if.so user != root quiet
To specify which administrative user rights are available with sudo:
http://www.go2linux.org/sudoers-how-to
"If you use Firefox to browse the Web, and it turns out Firefox has some kind of scripting vulnerability that allows a malicious script on a Website to install a backdoor on your system"
Two step solution:
1. http://download.cnet.com/RemoveAdmin/3000-2381_4-10824971.html
2. https://addons.mozilla.org/en-US/firefox/addon/722
http://www.go2linux.org/sudoers-how-to
"If you use Firefox to browse the Web, and it turns out Firefox has some kind of scripting vulnerability that allows a malicious script on a Website to install a backdoor on your system"
Two step solution:
1. http://download.cnet.com/RemoveAdmin/3000-2381_4-10824971.html
2. https://addons.mozilla.org/en-US/firefox/addon/722
I love this quotation that Chad provides:
"Every time you increase the complexity of a system, you increase the opportunity for something to go wrong in its design. The more lines of code in your system, the more opportunities there are to introduce bugs when developing the system; the more bugs there are, the more opportunities you have for bugs that introduce security vulnerabilities."
That about says it all. Regardless of which operating system you're using, you should turn off every background service that isn't needed for your personal/business requirements; you should disable as many applications as possible from running at boot up or logon, and the only applications that should be installed are the ones you actually need.
To disable services in Windows, run "services.msc" from the Run menu. In Linux there are similar graphical interfaces in both Gnome and KDE.
To disable certain apps from running when you boot up your Windows PC, use Autoruns:
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
"Every time you increase the complexity of a system, you increase the opportunity for something to go wrong in its design. The more lines of code in your system, the more opportunities there are to introduce bugs when developing the system; the more bugs there are, the more opportunities you have for bugs that introduce security vulnerabilities."
That about says it all. Regardless of which operating system you're using, you should turn off every background service that isn't needed for your personal/business requirements; you should disable as many applications as possible from running at boot up or logon, and the only applications that should be installed are the ones you actually need.
To disable services in Windows, run "services.msc" from the Run menu. In Linux there are similar graphical interfaces in both Gnome and KDE.
To disable certain apps from running when you boot up your Windows PC, use Autoruns:
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
