
Re: Security Plan



> 
> > Because people need to share data easily for work Unix by default does
> > not try to put strong barriers against people in the same organization
> > (it is implicitly assumed employees are loyal and none is a spy
> > working for a competitor, notice that if one of your employees is
> > disloyal he will have many opportunities to gather information from
> > non electronic sources).
> 
> good point. It seems that if indy is aimed at the home user, then internal
> security is not a high priority, but external security should be. This
> doesn't mean that there should be wide gaping holes in the internal
> security, just that it shouldn't be locked down so tight that a user has
> difficulty using the system.
> 

Home user is one of its goals, not the only one.

> IIRC, during installation indy asks the user how the machine is going to
> be used choices are server, desktop, workstation and custom. A user who
> chooses 'server' is likely to have a greater need for internal security
> than the other two. Perhaps we could discriminate like this over security.

However a home user needs good external security because he will not
be protected by a firewall and he is not as likely as a trained sysadmin
to know how to protect the box.  In the "home user" install in 6.0 I
cared to not install tftp and similar problematic servers but there
was little more I could do.

> If the installations are going to be internet connected at some stage (a
> valid assumption), then they all need external security, but perhaps the
> server's needs to be more bullet-proof?
> 

Not necessarily.  See above.  In addition a web server is also meant
to spread info while a database is supposed to keep it under lock and
key.

-- 
			Jean Francois Martinez

Project Independence: Linux for the Masses
http://www.independence.seul.org