Re: W3 security FAQ discusses this somewhat

Posted by: Anonymous Coward on June 07, 2002 12:22 AM
Missing the point slightly. A default configuration will yield results whether current or old, whether OS or WWW, whether FTP or BIND, whether SQL*Server or Oracle etc...

The point the article makes is that by running systems deemed 'obsolete', you won't show up on the usual radar. As the man says, the kiddiots will simply move to easier targets.

The point is that you have years of experience of hardening those particular products - which certainly doesn't include leaving them in a 'default' (or un-hardened) state.

It means *keeping* those obsolete systems hardened by patching and reading the advisories rather than installing the old 'default' software and promptly going to sleep.

Makes sense - no?


Return to Security through obsolescence