Re: Linux Distribution Recommendation
From: Alvin Oga (alvin.sec_at_Virtual.Linux-Consulting.com)
Date: 03/05/04
- Previous message: shankarnarayan.d_at_netsol.co.in: "RE: 802.1x and PEAP"
- In reply to: Peter Busser: "Re: Linux Distribution Recommendation"
- Next in thread: Peter Busser: "Re: Linux Distribution Recommendation"
- Reply: Peter Busser: "Re: Linux Distribution Recommendation"
Date: Thu, 4 Mar 2004 17:55:05 -0800 (PST)
To: Peter Busser <peter@devbox.adamantix.org>
hi ya peter
okay .. i'll jump.. :-)
On Thu, 4 Mar 2004, Peter Busser wrote:
> Hi!
>
> > I like Slackware myself ( http://www.slackware.com/ ). It is as close to pure
> > Linux as you can get. It's getting easier to manage also. As far as security
> > goes, that depends largely on the admin but, Slackware requires far fewer
> > patches and upgrades than more well known variants because they don't rewrite
> > everything before releasing it.
>
> Security does not depend on the admin alone.
yup
> The system can never be more
> secure than the level of security that the underlying software is able to
> provide.
no... that should be "never more secure than the weakest link" ...
- the admin or the user ( 80% - 90% of the time )
- the managers
- the corp computer usage policy or home computer usage policy
- the patched server or unpatched due to laziness or not knowing
- allowing anybody to connect w/ dhcp running
- allowing anybody to connect w/ wireless running
- allowing anybody to connect w/ telnet/ftp/pop3 ( cleartext pwd )
- allowing insecure home network to connect(vpn) to the office
- not having backups of *-your-* data
- thinking that the firewall will solve your problems
  ( worst possible solution )
- on and on and on
> The security of a normal Linux or UNIX system is rather poor.
but still more secure and better than the other os that 90% of the
non-techies use
> The security of a piece of software does not end with the implementation of
> security features in this piece of software. Most software requires
> configuration. And that goes for Slackware too. My experience with Slackware
> has taught me that Slackware is particularly weak in this area. It needs a
> lot of handwork. Since handwork is done by humans, and humans tend to err now
> and then, it will eventually result in a higher number of configuration
> mistakes.
yes .. people make mistakes
slackware has no more extra tweaks to its os than other distro that is
tweaked to the hill for its "flavor"
- redhat being the most tweaked and most hacked and probably due
  to most usage/penetration
- one should normalize the number of successful hacks
  vs the number of installations for a real answer of which is
  less susceptible to hacks
all distros use the same sw
- same kernel or tweaked ( broken )
- same gcc/glibc
- same bash
- same sendmail
- same dns
- same apache
- same ipchains/iptables
- same mysql ....
- same blah-blah ..
---> one distro is NOT more secure than another
-- it solely depends on the user's ability to know
how to make it equally or better secure than the other
and i'd still pick slackware ... if it's my choice
> The vision behind Adamantix is to improve the overall security features of
sounds like what nsa linux and trustix used to claim ?? along with the
other secure linux ??
c ya
alvin