[nSLUG] Time to upgrade the server OS...

George N. White III aa056 at chebucto.ns.ca
Wed Sep 22 09:31:53 ADT 2004

On Wed, 22 Sep 2004, Dop Ganger wrote:

> Just because a set of some web servers are capable of using features such
> as Xprint doesn't necessarily mean that all web servers need to have KDE
> or Gnome, though. Firewalls don't (should not) need to run Matlab. Backup
> MX servers don't need to render fonts to relay mail. It seems to me that a
> lot of people are forgetting that one of the primary principles of
> security is to have only the services running that are absolutely
> necessary, and not to install services that are not required since they
> only increase risk.

It isn't forgetting, it is that people get rewarded for flashier, more 
dynamic web sites.  Few organizations reward people for systems that just 
quietly go about their work without causing problems.  If your web server 
does get hacked you get to ask for more resources.  In this environment it 
is much more important to install services that might be needed because 
you will be in trouble when someone can't do something silly because the 
services weren't installed.

I knew a guy who was good at his job.  He never had a crisis to resolve 
because his systems were robust and he dealt with potential problems 
before they became serious.  He was laid off because others with the same 
job were working much harder and even showed dedication to come in and fix 
problems (e.g., deal with an overfull filesystem) at 2am on weekends!

George N. White III  <aa056 at chebucto.ns.ca>
   Head of St. Margarets Bay, Nova Scotia, Canada


More information about the nSLUG mailing list