[nSLUG] Time to upgrade the server OS...
George N. White III
aa056 at chebucto.ns.ca
Wed Sep 22 09:31:53 ADT 2004
On Wed, 22 Sep 2004, Dop Ganger wrote:
> Just because a set of some web servers are capable of using features such
> as Xprint doesn't necessarily mean that all web servers need to have KDE
> or Gnome, though. Firewalls don't (should not) need to run Matlab. Backup
> MX servers don't need to render fonts to relay mail. It seems to me that a
> lot of people are forgetting that one of the primary principles of
> security is to have only the services running that are absolutely
> necessary, and not to install services that are not required since they
> only increase risk.
It isn't forgetting, it is that people get rewarded for flashier, more
dynamic web sites. Few organizations reward people for systems that just
quietly go about their work without causing problems. If your web server
does get hacked you get to ask for more resources. In this environment it
is much more important to install services that might be needed because
you will be in trouble when someone can't do something silly because the
services weren't installed.
I knew a guy who was good at his job. He never had a crisis to resolve
because his systems were robust and he dealt with potential problems
before they became serious. He was laid off because others with the same
job were working much harder and even showed dedication to come in and fix
problems (e.g., deal with an overfull filesystem) at 2am on weekends!
George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia, Canada
More information about the nSLUG