[ Date Index ][
Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brough, Tom wrote: > > I always feel that any exercise like this is a testament to the skill of the > administrators as much as it is to the security and stability of the > operating system / applications. Given a newbie team of Linux Admins and a > highly capable Windows CE team, which would you put your money on. Neither, I'd be backing the VMS or FreeBSD or ... teams in such circumstances ;-) > Having said that most of the PLUG group are switched on Admin types. These are pretty regular contests in hacker groups, and fairly artificial as you suggest, as most boxes aren't run by the kind of people entering such tests. The way free or open source software will triumph in such tests is if you take advantage of the nature of the beast. So compile the software with extensive bounds or stack checking, such as distro's like Immunix (or maybe Gentoo with a little tweaking), and audit the source code you use in your server applications (and dump those that are too complex or messy). I doubt the Microsoft team will be able to take such in depth precautions in their own configuration, unless Microsoft have engineered it into the apps already. Meanwhile back in the real world I blacklist those IP addresses completing TCP handshakes to unused well known ports, which is the kind of technique that will slow down those with malicious intent, yet is likely to be banned under such a competitions rules. Thus intruder detection is of limited value in these tests, but a key concept for use in the real world. Now a Solaris team, if that is SUN employees that could be serious opposition. -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+i/MkGFXfHI9FVgYRAspUAJ4++j9AnTtt57bzjVEJjDv4zOFK8gCgxPef nAeumsntcv9Nt+/kullAfcs= =R8/y -----END PGP SIGNATURE----- -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.