switching from linux to freebsd

Erik Nørgaard norgaard at locolomo.org
Tue Aug 1 17:44:48 UTC 2006

Freminlins wrote:

> You made the point with reference to security, not system recovery. That
> is what I am contradicting.

Security is often misunderstood to mean protecting against unauthorized
access. But this is only part of information security.

You need to protect your information assets such as to ensure continuity
of business operations, and this covers:

* Confidentiality
* Integrity
* Availability

The last two evidently have to do with data and system recovery, and
this was the question being raised in OP.

Which is more important depends on the data. In some cases unauthorized
disclosure is less costly than downtime. The security professional
evaluates the potential losses for each breach against the cost of
protecting against that breach.

Integrity of the base installation is important because it ensures
integrity of the base system against the most common failures - say
power out, and provides for faster recovery of systems hence addressing
availability - and not to mention it is cheap!

If you configure your server using LDAP or NIS for user management then
you only need to mount the root file system rw when updating the base
system or changing root password. Add the MAC and you will likely be
able to protect further against the attack you mention.

Cheers, Erik
Ph: +34.666334818                      web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4128 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20060801/a649350e/smime.bin

More information about the freebsd-questions mailing list