Over Reliance on Patching


With all the talk about patching and the importance of doing it regularly, we must caution you that patching is not going to be a silver bullet either. Not only is it likely that your system will still have numerous security vulnerabilities that you will need to patch in the future, but the programs you are using could also have fundamental design flaws that do not properly guard against the risks you wish to manage. For instance, if you are concerned with protecting the confidentiality of your e-mail, patching your e-mail client is unlikely to accomplish that without additional security measures, such as encrypting your e-mail. In short, just because the software is bug free and working properly does not mean that using it is risk free.

As we already alluded to in earlier chapters, there are now several examples of previously unknown vulnerabilities in widely used software being discovered by the "bad guys" months before the good guys, such as you, the gentle reader, and the vendors find out. For instance, several very high profile sites were broken into in early 2004 because of an undiscovered flaw in rsync. The only people who were likely patched against that flaw were the crackers who discovered it and kept it to themselves! Just because a flaw is not known to exist in something does not mean that the flaw does not exist. As Carl Sagan said, "Absence of evidence is not evidence of absence." It is always wise to assume that when you patch, you are only doing the bare minimum necessary to secure your system. Patching is simply par for the course.



    Troubleshooting Linux Firewalls
    ISBN: 321227239
    Year: 2004
    Pages: 169