Secure Linux Distro

J.L.Francois jlf@magusnet.gilbert.az.us
Tue, 4 Jul 2000 17:05:47 -0700


It seems like on Tue, Jul 04, 2000 at 04:15:15PM -0700, The Wolf scribbled:
Orig Msg> I have been using Mandrake for quite some time.
Orig Msg> 
Orig Msg> But since they have been pronounced the easiest
Orig Msg> distro to break into I would like to know what 
Orig Msg> would be the hardest distro to break in.
Orig Msg> 
Orig Msg> 
Orig Msg> -- 
Orig Msg> The Wolf

You are asking the wrong question.

Even OpenBSD, which is touted as secure out of the box,
has CERT advisories that mention it that come out once 
or twice a year.

There are no guarantees against buffer overflow attacks.
There are no guarantees against backdoors or Trojans.
There is no such thing as a secure system.
Security is not a "fire and forget" operation.
Security takes constant vigilance, planning, and learning.

MagusNet, Inc. firewall rules and configs are constantly 
reconfigured based on attack signatures for each day.
Every part of my hybrid firewall config is custom and looks
nothing like what would come out of any distribution.
There is no way *any* vanilla distro could account for 
the number and types of attacks I see in a 24 hour 
period due to running a Public Proxy.

For the record I haven't had any system I personally
connected to the Internet get compromised over the
last 3 years; that tells me I am due, not that I am
better than the crackers.

The most secure distro is the one you set up and test for yourself
for the particular requirements of your network.
The hardest system to break into is the one that provides the least
amount of services to attack and causes the most amount of time
to be wasted during the attack.
It has to be constantly monitored and dynamic enough to change
as the threat changes.

It's kinda like car theft, make your system least likely to be attacked
by installing the tools to make the life of a cracker miserable and
frustrating.  Script Kiddies need not apply.

All of the above are concerns no matter what distro or Operating
System you happen to be running. If anything the distro is irrelevant.
If you are waiting for someone else to do it for you, you will
be waiting a long time.

Jean Francois Sends...
President & CEO - MagusNet, Inc., MagusNet.com, MagusNet.Gilbert.AZ.US
Director Of Managed Services - OpNIX,Inc., www.opnix.com
OpNIX - Simply Better Bandwidth
602-770-JLF1 - Cellular, ICQ:  8137851