Nmap Hackers: Re: OS Detection Question

From: Brian Kifiak <bk_at_localhost.ca>
Date: Thu, 4 May 2000 22:05:08 -0700

> However, I'd like to see those get used as one of the last things done
> to secure a machine, not the first.

I don't think anyone was suggesting that OS masking was anything near
a complete security solution. I still don't think you're quite
convinced how handy this can be. Consider the following:

It's *extremely* hard, if not impossible, to *guarantee* that your
services(1) are secure. It's likely that someone, somewhere, sometime,
will have working code to exploit *something* your machine is doing.

They now start looking for machines to hack. Their exploit is specific
to a certain arch/OS/daemon/whathaveyou. They start scanning looking
for that specific quality which they can exploit. If your system
doesn't easily present the information required to get a match against
that quality, their scanner is likely to skip your machine and go on to
the next (maybe the honeypot I set up on that subnet ...).

Advertising your details is like hanging a dated list of parts used to
construct your house on the front door. Somebody's likely to have a
lockpick to beat that 32-notch triply reinforced stainless platinum
lock you just got (or maybe just a really big diamond drill ...).

Yes, the fact remains you're still vulnerable. I don't know about
you, but I think someone would notice me hanging outside their front
door peering into their lock with a stash of tools sitting beside me.
I'd probably just move on to the house I knew I could get into when I
drove through your neighbourhood. Wouldn't you?

I'd list this as one of the things I'd consider doing by default.

(1): Most servers run a fair number of relatively complex services.
A server isn't much use if it doesn't run anything. (Typical example:
smtp, ftp, ssh, http, and pop running on one machine.) Or, using the
door analogy: your house probably has windows and doors and hinges and
...

-bk
Received on May 04 2000
