[buug] Linux Security Site

[Rick Moen]

Hmm.  You may be onto something, there.  It should be a lot easier to
harden a workstation than a server.

However, there aren't any firm distinctions between workstation and
server, in Unix.  A workstation operator decides he wants to publish
an NFS export, or put up a Web page, and suddenly it's a server for
that function.  For that matter, if he runs X, he's already publishing
services potentially usable to anyone who can see his IP address.

> This would just be a stand-alone work station, with no network, 
> not even local.

But that would be a very sad situation, indeed -- in which the user
wouldn't get to see what's distinctively good about Linux.  You'd
be trying to fit Linux into a Windows-sized box, which just isn't
the way to make it shine.  Think of it this way:  Automobiles made
extremely poor horses, eh?  It's only when people started thinking 
of what cars do well that you'd _never think of on a horse_ that 
their advantages became clear.

This is why I try to get people out of the one-computer mindset,
when they talk to me about Linux.  I tell them:  _Don't_ dual-boot
your Win9x box as a part-time Linux box.  Instead, get somebody's
cast-off P90, run Linux on that, and make it furnish services to
you on a cheap local LAN (which can be as simple as a single crossover
cable and two $30 Tulip cards)..

Of course, people are afraid of LANs.  That's the other obstacle I 
try to help them overcome.

-- 
Cheers,                Linux:  It is now safe to turn on your computer.
Rick Moen
rick (at) linuxmafia.com