[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] [RaQ3] Port Sentry
- Subject: RE: [cobalt-security] [RaQ3] Port Sentry
- From: Graeme Fowler <graeme.fowler@xxxxxxxxxxxxxx>
- Date: Fri, 8 Jun 2001 09:13:01 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Tony wrote:
> And the portsentry alternative to deal with 20+ scans per day is....?
> Are you suggesting that running without Portsentry is better
> than running with it?
Probably, if all it's going to do is make you say "Oh no, I've been scanned
*again*!". Your computer is connected to the Internet. The Internet is a
hostile place. Get used to it.
Running any software which acts as a scan detector is either going to make
the hairs on the back of your neck stand up, or just shrug. You'll probably
shrug if you install it *and* ensure that your services are all up-to-date.
Remember that Security through Obscurity (ie. just using software to block
accesses to your machine) is a bad thing, and you're far far better off
ensuring that your services are not exploitable.
Admittedly this is difficult on Cobalt boxes, since Cobalt have been
renowned in the past for running slowly when it comes to releasing updates
for vulnerable software versions. Hopefully with Sun in charge this will
improve (although Sun haven't been the quickest off the mark at points in
the past, either...)
It's always better to actually *understand* what your software does. Run
Portsentry in 'stealth mode' if you must run it at all.
Graeme
--
Graeme Fowler
Systems Administrator
Host Europe Group plc