Security in an environment is established by several factors. Let's look at some questions to understand the factors involved:
- Is the configuration secure?
- Have we allowed the use of weak passwords?
- Is the superuser, root, allowed to log in remotely?
- Are we logging and auditing all connections?
Now, in a non-standard environment, how can you truly say that these requirements are all enforced across all of your Linux servers? To do so requires a great deal of faith they have all been built the same way, that they had the same security parameters applied, and that no-one has ever revisited the environment to change anything. In short, it requires fairly frequent auditing to ensure compliance.
However, where the environment has been ...