Secure Linux Distro

Furmanek, Greg Greg.Furmanek@hit.cendant.com
Wed, 5 Jul 2000 12:19:13 -0400


Ok I should have been a little more specific when asking the
question so please let me rephrase it:

Which distribution offers the best support when it comes to
keeping packages up to date, when it comes to security?

The Wolf

-> -----Original Message-----
-> From: J.L.Francois [mailto:frenchie@magusnet.gilbert.az.us]
-> Sent: Tuesday, July 04, 2000 5:06 PM
-> To: plug-discuss@lists.PLUG.phoenix.az.us
-> Subject: Re: Secure Linux Distro
-> 
-> 
-> It seems like on Tue, Jul 04, 2000 at 04:15:15PM -0700, The 
-> Wolf scribbled:
-> Orig Msg> I have been using Mandrake for quite some time.
-> Orig Msg> 
-> Orig Msg> But since they have been pronounced the easiest
-> Orig Msg> distro to break into I would like to know what 
-> Orig Msg> would be the hardest distro to break in.
-> Orig Msg> 
-> Orig Msg> 
-> Orig Msg> -- 
-> Orig Msg> The Wolf
-> 
-> You are asking the wrong question.
-> 
-> Even OpenBSD which is touted as secure out of the box
-> has CERT advisories that mention it that come out once 
-> or twice a year.
-> 
-> There are no guarantees against buffer overflow attacks.
-> There are no guarantees against backdoors or Trojans.
-> There is no such thing as a secure system.
-> Security is not a "fire and forget" operation.
-> Security takes constant vigilance, planning, and learning.
-> 
-> MagusNet, Inc. firewall rules and configs are constantly 
-> reconfigured based on attack signatures for each day.
-> Every part of my hybrid firewall config is custom and looks
-> nothing like what would come out of any distribution.
-> There is no way *any* vanilla distro could account for 
-> the number and types of attacks I see in a 24 hour 
-> period due to running a Public Proxy.
-> 
-> For the record I haven't had any system I personally
-> connected to the Internet get compromised over the
-> last 3 years, that tells me I am due, not that I am
-> better than the crackers.
-> 
-> The most secure distro is the one you set up and test for yourself
-> for the particular requirements of your network.
-> The hardest system to break into is the one that provides the least
-> amount of services to attack and causes the most amount of time
-> to be wasted during the attack.
-> It has to be constantly monitored and dynamic enough to change
-> as the threat changes.
-> 
-> It's kinda like car theft, make your system least likely to be attacked
-> by installing the tools to make the life of a cracker miserable and
-> frustrating.  Script Kiddies need not apply.
-> 
-> All of the above are concerns no matter what distro or Operating
-> System you happen to be running. If anything the distro is irrelevant.
-> If you are waiting for someone else to do it for you, you will
-> be waiting a long time.
-> 
-> Jean Francois Sends...
-> President & CEO - MagusNet, Inc., MagusNet.com, 
-> MagusNet.Gilbert.AZ.US
-> Director Of Managed Services - OpNIX,Inc., www.opnix.com
-> OpNIX - Simply Better Bandwidth
-> 602-770-JLF1 - Cellular, ICQ:  8137851