[Asterisk-Users] Asterisk 0.7.1 RH 7.3 RPMS Released

WipeOut wipe_out at users.sourceforge.net
Thu Jan 22 14:19:12 MST 2004


Greg Boehnlein wrote:

>On Thu, 22 Jan 2004, WipeOut wrote:
>
>>Ken Godee wrote:
>>
>
>>The problem with running servers based on RH 6.x, 7.x and 8 is that RH
>>is not providing errata (security specifically) updates any more.. If
>>your servers are not connected to the internet then, sure stay with the
>>versions that are working for you, but if you have your server live on
>>the internet for any reason then this is a big issue..
>
>No it isn't. If you follow best practices for your system, remove all
>unnecessary packages, and properly firewall it, you are at no greater or
>lesser risk than any other version of RedHat.
>
>Take a look at the following:
>http://www.nacs.net/~damin/linux-best-practices.pdf
>
>>I realise that many vulnerabilities require local access but I am still
>>not going to take the chance.. I want my servers as safe as possible,
>>and if that means running the latest versions of whatever then that's
>>what I am going to do.. :)
>
>Take a look at the number of exploits that are available for RH 8 and 9, 
>and how quickly they are mounting up, and then rethink that statement. 
>There are more exploits being targeted at these platforms, in a shorter 
>period of time, than 7.3 and the earlier versions.
>
>Personal opinion here, but if you are relying on RedHat to be your 
>security provider, you have no business administering a system connected 
>to the Internet. Sure, they make it easier, but common sense and a solid 
>understanding of the applications and code that your system is based on 
>are a hell of a lot more comforting.
>
Dude, with all due respect take a look at point 11 on your best practice 
PDF that you said I should read..

I am not saying that I don't agree with your other points, I do, but the
fact still remains that the updates from the distro provider are vitally
important to the running of a secure system in addition to the
firewalling, stopping of unused services, the removal of packages that
are not used and all the other things..

Also to say that there are more vulnerabilities in the newer systems 
seems a little odd to me since the newer systems are usually grown from 
the older systems and generally if there is an exploit in a newer 
package it is likely to be in the older one as well..

Finally the fact that more exploits are discovered in a shorter time
frame on the newer distros is probably a testament to the fact that the
popularity of Linux is spreading and growing almost exponentially so it
stands to reason that more will be created and discovered in a shorter
time scale than before..

Anyway this is undoubtedly a topic that could go on forever with
everyone having an opinion, so I guess we can say that we each have our
own opinion about it and leave it there..

Later..



