Re: Linux Distribution Recomendation

From: Byron Sonne (blsonne_at_rogers.com)
Date: 03/09/04

  • Next message: Jennifer Fountain: "RE: Virus Notification Template"
    Date: Mon, 08 Mar 2004 18:17:30 -0500
    To: Peter Busser <peter@devbox.adamantix.org>, security-basics@securityfocus.com
    
    

    > Security does not depend on the admin alone. The system can never be more
    > secure than the level of security that the underlying software is able to
    > provide.

    Depends on what you mean by 'underlying'. For instance, the underlying
    public telephone network is insecure. But I could convert my speech to
    digital data, scramble it using some kind of secure formulae, transmit
    it over the line and then have someone decode and regenerate it. Voila!
    secure communication over an insecure medium.

    But generally you are right; a chain is only as strong as it's weakest link.

    > The security of a normal Linux or UNIX system is rather poor.

    Subjective. I could argue otherwise... but I'm inclined to agree with
    you as most people are generally poor admins of any OS, and succumb far
    to easy to the geewhiz-bells-and-lights that they see or are 'told' to
    install. Do you really need to run 5 different kinds of instant
    messenger clients... and active or HTML content in mail?!?! Hello?!?!
    Heck, they'd probably think mail marked 'occupant' was meant just for them.

    > UNIX was designed for a benign environment, with friendly users and a trusted administrator.

    100% True!

    > This environment is completely different from the Internet as we know it today. And
    > therefore the security of normal Linux or UNIX systems is not adequate for use
    > on the Internet.

    That's jumping to conclusions. Thankfully the people that designed (and
    continue to design) unix, and clones such as Linux, developed structures
    and an architecture that has proven to be rather extensible. Often times
    things have been outright replaced or superseded.

    You can find crap anywhere, for and in any OS or architecture, but the
    situation is never static. Things evolve. Sure some unix flavours and
    distros come defaulted to settings where it is implicit that the admin
    review and harden the system. Microsoft along with Apple have helped
    transition people toward a lazy perspective... the concern of being
    cheap and easy to the exclusion of all other concerns has a more
    apparent and quicker effect on the bottom line, and anyone who can
    install XP or turn on their Mac and connect themselves to the net thinks
    they're a computer expert now. You are never more vulnerable then when
    you think you are most secure ;)

    I'd put money on the table that the same people willing to research and
    implement Adamantix would be the same kind of people willing and capable
    enough secure any kind of *nix that's out there now ;)

    The solution is, and always has been discipline, education and the
    desire to do a good job. There is no hope of any kind without those
    ingredients.

    Regards,
    Byron Sonne

    -- 
    For Good, return Good. For Evil, return Justice.
    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
    any course! All of our class sizes are guaranteed to be 10 students or less 
    to facilitate one-on-one interaction with one of our expert instructors. 
    Attend a course taught by an expert instructor with years of in-the-field 
    pen testing experience in our state of the art hacking lab. Master the skills 
    of an Ethical Hacker to better assess the security of your organization. 
    Visit us at: 
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------
    

  • Next message: Jennifer Fountain: "RE: Virus Notification Template"