Secure Linux Distro

Bill Warner wwarner@direct-alliance.com
Wed, 05 Jul 2000 09:55:30 -0700 

All that being said Jean is a security expert and knows what to look for.  If
you would like a good starting point for good security OpenBSD is a good
start.  If you must have/want Linux then Debian would be my next suggestion.
So
if your not a security expert like Mr. Francois is, you would probably want
to use one of the above as a better starting point than Mandrake or RedHat.

Just my $0.02
Bill Warner

"J.L.Francois" wrote:

> It seems like on Tue, Jul 04, 2000 at 04:15:15PM -0700, The Wolf scribbled:
> Orig Msg> I have been using Mandrake for quite some time.
> Orig Msg>
> Orig Msg> But since they have been pronounced the easiest
> Orig Msg> distro to break into I would like to know what
> Orig Msg> would be the hardest dirstro to break in.
> Orig Msg>
> Orig Msg>
> Orig Msg> --
> Orig Msg> The Wolf
>
> You are asking the wrong question.
>
> Even OpenBSD which is touted as secure out of the box
> has CERT advisories that mention it that come out once
> or twice a year.
>
> There are no guarantees against buffer overflow attacks.
> There are no guarantees against backdoors or Trojans.
> There is no such thing as a secure system.
> Security is not a "fire and forget" operation.
> Security takes constant vigilance, planning, and learning.
>
> MagusNet, Inc. firewall rules and configs are constantly
> reconfigured based on attack signatures for each day.
> Every part of my hybrid firewall config is custom and looks
> nothing like what would come out of any distribution.
> There is no way *any* vanilla distro could account for
> the number and types of attacks I see in a 24 hour
> period due to running a Public Proxy.
>
> For the record I haven't had any system I personally
> connected to the Internet get compromised over the
> last 3 years, that tells me I am due, not that I am
> better than the crackers.
>
> The most secure distro is the one you set up and test for yourself
> for the paticular requirements of your network.
> The hardest system to break into is the one that provides the least
> amount of services to attack and causes the most amount of time
> to be wasted during the attack.
> It has to be constantly monitored and dynamic enuff to change
> as the threat changes.
>
> Its kinda like car theft, make your system least likely to be attacked
> by installing the tools to make the life of a cracker miserable and
> frustrating.  Script Kiddies need not apply.
>
> All of the above are concerns no matter what distro or Operating
> System you happen to be running. If anything the distro is irrelevent.
> If you are waiting for someone else to do it for you, you will
> be waiting a long time.
>
> Jean Francois Sends...
> President & CEO - MagusNet, Inc., MagusNet.com, MagusNet.Gilbert.AZ.US
> Director Of Managed Services - OpNIX,Inc., www.opnix.com
> OpNIX - Simply Better Bandwidth
> 602-770-JLF1 - Cellular, ICQ:  8137851
>
> _______________________________________________
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss