The point of the audit software is to giving a finite list of flaws. If
you don't punch holes in your own security, and can detect when others do,
you can catch the tortoise.
I think that the only way to build a secure site of a large size is to use
test based programming. That way any change to the program is verified
against all previous development automatically.
On Wed, Feb 6, 2013 at 12:36 PM, Marc Grober <marc@interak.com> wrote:
>
>
> On Feb 6, 2013, at 11:21 AM, Tom Simes <simestd@netexpress.com> wrote:
> > Don't forget those sneaky individuals that roll their own distros, no
> > telling WHAT they are stuffing in the folds ;)
>
> Virtually anything can be hidden in plain sight in a *x system. As an SA
> do you run a regular report on changed time stamps? Clock anomalies?
> Reboots? sudo and su? How do you sort and address alarms and warnings? If
> you can't stop whatever, can you detect & remediate quickly enough? Bottom
> like is one of your worst enemies is your user demand for speed. Get rid of
> the users and life would be much more secure ;-)
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
>
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Wed Feb 6 13:30:44 2013
This archive was generated by hypermail 2.1.8 : Wed Feb 06 2013 - 13:30:44 AKST