by woodman
3700 days ago
> ...because of their use of insecure third party services...

The OS is partially to blame for that. I've got all my external services separately jailed in FreeBSD, with firewalls tuned to each service. Unless they come packing a 0day jailbreak exploit - a compromised service will spread no further, the web server isn't going to be SSHing into the kerberos server. Having your DB dumped sucks, but the really embarrassing compromises (HackingTeam, AshleyMadison, HBGary, etc) involved establishing a beachhead on a vulnerable service and then pushing in further. You can manually set these things up in any OS, but the easier an OS makes it to be secure - the more likely it is that the machine will be secure.