l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2002 Aug 15 09:20

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] Question
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] Question

Hash: SHA1

On Wed, 14 Aug 2002, Tcat Houser wrote:
> I'm a lurker on the local lists here....

Aha! You are a lurker no more! I spotted the lurker! Now Tcat is a lurker
no more! (Welcome. :-)

> I've been working/beating/hacking the upcoming Security+ cert from CompTIA
> (which I do with all the CompTIA stuff).
> I am wondering how the local Linux crowd feels/cares about Security in
> general, and certification in a more narrow fashion.

Security is a good thing. Security means I do the things I want to do, to
the exclusion of people I dont want doing the things I dont want them to
do and me being able to tell when either does or tries to do something
they are not supposed to be doing.

As for certification... My general opinion is this:
I can see "basic computer security" from an OS point of view and
certification *BUT* the certification should be date-stamped and invalid
when it does not include the date it was received.

Advanced security practices of the present often become required security
practices in the future. Out of ANY kinds of certification, I think
security certificates should have the shortest lifespan, and require
continuing classes to maintain their status.

A problem with certs in computer security (especially in the advanced
end) is, by the time you have a cirriculum set up for proper delivery, it
is out of date and the people being educated are getting "stale data".

I can see basics covered... Turn off non-necessary services, avoid
plain-text on the wire  authentication, avoid packaged apps with poor
track records, only open what is required for whom it is required and deny
all else, physical access is absolute access, etc.

What I can't see is "here is how you make a firewall that will always
'work'" or "installing a 'secure system'"

You can tach basics, but the student must remain up-to-date as "secure" is a
moving target. 

(I have more to say, but fear this e-mail could become a kind of
'trolling' message and I wish to avoid that.)

- -ME

Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ 
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
- ------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html

> FYI, I helped a bunch of folks when Network+ was a upcoming cert.... > 
> I'm travelling this week. Back local for a whopping 11 hrs. back on
> Saturday.
> Tcat
> _______________________________________________
> vox mailing list
> vox@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox
Version: GnuPG v1.0.7 (GNU/Linux)


vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.