But there are places where cracking has a much higher up-front cost, or
a higher risk. So I don't argue that this recipe is right for all.
I'd argue that your approach is limited to fairly small sites.
that is, a large site (I'm mainly thinking of number and diversity
of users) needs to be hardened, since a crack _could_ do a lot of damage.
if the only cost is downtime, it's not really an issue - you can recover
quickly from a crack with either approach.
ironically, we had some uninvited visitors in december - almost certainly
got in via passwords sniffed at a nearby organization, and then probably
used the ia32-emulation local-root-elevation. luckily, their main goal
seemed to be launching Brazilian spam (for which our network is not really
all that suitable.) not a lot of their effort went towards staying
inconspicuous, or in scoping out the extent of our resources. and, happily,
no actual damage that we've found.
come to think of it, odd that security/cracking experiences have never
been much talked about on this list...
regards, mark.
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org