How dangerous a Standard User could be to a FreeBSD box?

N.J. Thomas njt at ayvali.org
Wed Jan 10 17:11:00 UTC 2007


* VeeJay <maanjee at gmail.com> [2007-01-10 13:24:22 +0100]:
> How dangerous a Standard User could be to a FreeBSD box?

Like another poster mentioned, it depends on a variety of factors. Three
things I can suggest to help you minimize security risks from local
users:

    - keep your machine and software packages updated

    - have policies and procedures in place detailing an Acceptable Use
      Policy (AUP) and the consequences of violating it; and use it
      when you have to (a lot of places have a ton of elaborate and
      well-written AUPs which are never enforced)

    - keep your user "shell" machines completely separate from your
      other servers (web, imap, et al.), separate boxes, separate subnet,
      separate passwords, etc.;

      this should be obvious, but a lot of people run a lot of critical
      services on the same machines that they allow users access to and
      then they are surprised when a fork bomb takes down their mail
      infrastructure

hth,
Thomas

-- 
N.J. Thomas
njt at ayvali.org
Etiamsi occiderit me, in ipso sperabo


More information about the freebsd-questions mailing list