Am 09. May, 2001 schwäzte Trent Shipley so: > 1) Creating a custom install, and even more compiling a custom kernel have > two major problems. Compiling a custom kernel needs to be a thing of the past for the generic public. It's getting there. We, the Free Software/Open Source community, need to ensure that the 'custom install' is available. Mandrake is working on that with their security models. RedHat, via bastille and a couple of other things, is getting there. Debian also has some harden scripts. Debian/Progeny has the best change, IMO, due to their long-standing dependency checking and their tasks. apt-get install business-workstation apt-get install secure-server apt-get install secure-workstation It's not there, but it can be. Resolving the conflicts between #1 and #3 might be interesting... > A) It takes a lot more training than required to secure a Windows box. > > B) It takes more time than securing a Windows box (and securing a Windows > machine takes quite long enough, thank you). That's why we need hardening tasks that take care of most of it. It's also why dists need to default to decent security, especially in regards to network exploits. And, security updates have to be easy and as automagic as practical. > 2) It assumes that a minimal, targeted install is acceptable. Note that > this means that you have decided to use a computer as a secure data > appliance. It is no longer a proper general computer that can emulate any > state or data processing machine. Nah. I bet JLFs boxen are pretty secure. He seems to get work done on them. Though I'm far from a security expert I think I've done a decent job with the servers where I'm working and they're usable. Same with my workstation and some of the other workstations there. It's all about compromise. As we have better admin programs, however, the line of the compromise can continue getting closer to fort knoxian security. ciao, der.hans -- # der.hans@LuftHans.com home.pages.de/~lufthans/ www.YourCompanyHere.net ;-) # The only way for a woman to change a man # is if he's wearing Depends[TM] - der.hans