[LINK] Study shows pop-up warnings are ineffective

Saliya Wimalaratne saliya at hinet.net.au
Wed Oct 1 16:04:27 EST 2008


On Wed, Oct 01, 2008 at 11:52:29AM +0930, Glen Turner wrote:
> 
> I much prefer the SELinux approach. Deny the activity and audit it.
> Put an alert on the screen saying the activity was denied. Give a
> audit review tool which allows denied requests to be authorised in
> the future.  This approach moves the consideration of security out

Hey Glen,

I like the concept; but for the average user SELinux is simply too hard.

Frankly, for the average network admin it appears to be simply too hard.
I've performed many audits of RHEL and CentOS installs (SELinux is 
enabled by default on current versions) where SELinux has been disabled
by the admin. Why? It "wouldn't serve web pages" or "wouldn't serve
email". 

Sure, that's an 'admin does not know enough to fix' problem. But there are
hordes of them out there, some working for quite large corporations, 
and if the _admins_ can't learn to use it properly, what chance does an
ordinary user have?

Regards, 

Saliya


More information about the Link mailing list