Secure Linux Distro
Furmanek, Greg
Greg.Furmanek@hit.cendant.com
Wed, 5 Jul 2000 12:19:13 -0400
Ok I should have been a little more specific when asking the
question so please let me rephrase it:
Which distribution offers the best support when it come to
keeping packages up to date, when it comes to security?
The Wolf
-> -----Original Message-----
-> From: J.L.Francois [mailto:frenchie@magusnet.gilbert.az.us]
-> Sent: Tuesday, July 04, 2000 5:06 PM
-> To: plug-discuss@lists.PLUG.phoenix.az.us
-> Subject: Re: Secure Linux Distro
->
->
-> It seems like on Tue, Jul 04, 2000 at 04:15:15PM -0700, The
-> Wolf scribbled:
-> Orig Msg> I have been using Mandrake for quite some time.
-> Orig Msg>
-> Orig Msg> But since they have been pronounced the easiest
-> Orig Msg> distro to break into I would like to know what
-> Orig Msg> would be the hardest dirstro to break in.
-> Orig Msg>
-> Orig Msg>
-> Orig Msg> --
-> Orig Msg> The Wolf
->
-> You are asking the wrong question.
->
-> Even OpenBSD which is touted as secure out of the box
-> has CERT advisories that mention it that come out once
-> or twice a year.
->
-> There are no guarantees against buffer overflow attacks.
-> There are no guarantees against backdoors or Trojans.
-> There is no such thing as a secure system.
-> Security is not a "fire and forget" operation.
-> Security takes constant vigilance, planning, and learning.
->
-> MagusNet, Inc. firewall rules and configs are constantly
-> reconfigured based on attack signatures for each day.
-> Every part of my hybrid firewall config is custom and looks
-> nothing like what would come out of any distribution.
-> There is no way *any* vanilla distro could account for
-> the number and types of attacks I see in a 24 hour
-> period due to running a Public Proxy.
->
-> For the record I haven't had any system I personally
-> connected to the Internet get compromised over the
-> last 3 years, that tells me I am due, not that I am
-> better than the crackers.
->
-> The most secure distro is the one you set up and test for yourself
-> for the paticular requirements of your network.
-> The hardest system to break into is the one that provides the least
-> amount of services to attack and causes the most amount of time
-> to be wasted during the attack.
-> It has to be constantly monitored and dynamic enuff to change
-> as the threat changes.
->
-> Its kinda like car theft, make your system least likely to
-> be attacked
-> by installing the tools to make the life of a cracker miserable and
-> frustrating. Script Kiddies need not apply.
->
-> All of the above are concerns no matter what distro or Operating
-> System you happen to be running. If anything the distro is
-> irrelevent.
-> If you are waiting for someone else to do it for you, you will
-> be waiting a long time.
->
-> Jean Francois Sends...
-> President & CEO - MagusNet, Inc., MagusNet.com,
-> MagusNet.Gilbert.AZ.US
-> Director Of Managed Services - OpNIX,Inc., www.opnix.com
-> OpNIX - Simply Better Bandwidth
-> 602-770-JLF1 - Cellular, ICQ: 8137851
->
->
-> _______________________________________________
-> Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
-> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
->