Reindl Harald wrote:
Am 24.02.2013 02:07, schrieb Frantisek Hanzlik:
> - these boxes aren't directly on internet
good so
> Even if they would be, they will not offers many services
> to internet and there isn't problem secure them
laughable
how do you secure a machine with so security-updates?
YOU patch tke kernel?
YOU patch the network stack?
even without a service offered it would be naive
to feel secuer with such a machine - maybe you should
read how intrusions in the last few years happened
even for machines behind a NAt router with no public
service to get a picture
Of course, there may be some danger of intrusion, as always, but
- internet browsers and mail clients are regularly updated, luckily
Mozilla offers RPM packages, flash-plugin are actualizad too.
- some other SW (OpenOffice and so forth) is downloadabe in actual
versions and as RPM packages too.
- as I wrote before, I packaged some RPMs itself
- some RPMs from RHEL/Centos 6 are Fedora14-well-compatible
- DoS attack I outlive, compromitation at user level too (unusual
traffic is blocked and monitored at firewall], thus only real danger
is gaining full controll over the box - but some regular tests and
precautions are done.
thus I'm sleeping smoothly.
(as now, 2:39 AM my time ;)