
[cobalt-security] How secure are RAQ's out of the box?



Hi Security Gurus,

I'm pretty new to the *NIX world, being an NT guy for a while.  I see the
definite advantages of *NIX over NT, but I was just wondering how secure
these Cobalts are out of the box (RAQ4).  I just had a buddy of mine run a
security audit on his RAQ4 for about 730 vulnerabilities using Nessus, and
his box is about 0.9% secure according to Nessus, 90% is the desired range.
I know that some of the vulnerabilities can be taken care of pretty easily,
but I was just wondering if Cobalt takes any steps to tighten security when
creating the Cobalt/Linux OS for the RAQs.  After all, this is supposed to
be a "Hosting" appliance with a couple of hundred sites/customers per
server.  (And believe me, not all customers know what they're doing, and do
upload vulnerable cgi scripts.)  Wouldn't security vulnerabilities be one of
the highest priorities?

I know, I know, Cobalts are probably really made for ease of
use/administration, and the price to pay for user friendliness is flawed
security.  But if anyone has some sort of guideline to secure RAQ4s
(besides the latest patches), your comments are welcome and appreciated.

Thanks in advance.

Best regards,
Ervin