Re: Linux Distribution Recommendation
From: Peter Busser (peter_at_devbox.adamantix.org)
Date: 03/04/04
- In reply to: Vincent: "Re: Linux Distribution Recommendation"
Date: Thu, 4 Mar 2004 10:44:05 +0100
To: security-basics@securityfocus.com
Hi!

> 4.) By Sacrifice security for functionality I mean you can run something
> like SElinux, Gentoo hardened or Adamantix which is harder to crack than
> just about anything but you will pay a price, things like PaX stack
> protection will give you a significant performance hit and break many
> applications. It should be noted that the 2.6 kernel will have SElinux
> built in,

I wonder how much of a performance hit you would call significant. Personally,
I do not notice a performance difference between a PaX kernel and a non-PaX
kernel. With the segmentation-based protection, the performance impact is
estimated at 2%.

And then, even if you are right, and the performance impact is indeed
significant (let's say 20%), then you just wait 6 months; for the same price
you will get a 20% faster CPU that will compensate for the impact. If you
cannot wait 6 months, you simply pay a hundred bucks more now. A small
investment that really pays off, once you realise how much a successful
break-in and the resulting downtime costs.

It should be noted that systems like RSBAC (which is used in Adamantix) and
SELinux are as secure as the kernel is. The recent list of Linux kernel exploits
shows that this security is not exactly perfect. So don't expect miracles from
systems like that, even though some people would like to make you believe
otherwise.

Groetjes,
Peter Busser