Reindl Harald wrote:
Am 24.02.2013 02:07, schrieb Frantisek Hanzlik:
- these boxes aren't directly on internet
good so
Even if they would be, they will not offers many services to internet and there isn't problem secure them
laughable
how do you secure a machine with so security-updates? YOU patch tke kernel? YOU patch the network stack?
even without a service offered it would be naive to feel secuer with such a machine - maybe you should read how intrusions in the last few years happened even for machines behind a NAt router with no public service to get a picture
Of course, there may be some danger of intrusion, as always, but - internet browsers and mail clients are regularly updated, luckily Mozilla offers RPM packages, flash-plugin are actualizad too. - some other SW (OpenOffice and so forth) is downloadabe in actual versions and as RPM packages too. - as I wrote before, I packaged some RPMs itself - some RPMs from RHEL/Centos 6 are Fedora14-well-compatible - DoS attack I outlive, compromitation at user level too (unusual traffic is blocked and monitored at firewall], thus only real danger is gaining full controll over the box - but some regular tests and precautions are done.
thus I'm sleeping smoothly. (as now, 2:39 AM my time ;)