Re: Secure distribution
From: Justin Shaffer (shafferj_at_mac.com)
Date: 09/12/03
- Next message: /dev/rob0: "Re: Secure distribution"
- Previous message: David Fletcher: "Secure distribution"
- In reply to: David Fletcher: "Secure distribution"
- Next in thread: all mail refused: "Re: Secure distribution"
- Reply: all mail refused: "Re: Secure distribution"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 12 Sep 2003 12:29:49 -0400
David,
The level of local security you deploy really depends on a few things.
>From a technical perspective you should consider the services you'll
need to make available to the outside world. What type of network will
the machine be deployed in? Do you have the luxury of a firewall, or
will you be using iptables or something similar on the machine itself?
How will you administer the machine? Do you need to provide access to
potentially non-trusted users?
Ideally - you're just running ssh and a webserver, or even better -
there's a bastion host of some sort with ssh open on the same network
as your server that you have access to (administered by yourself or
someone else concerned with maintaining security on this machine as
well). On a day to day basis, most all you then have to worry about on
the webserver machine is maintaining the web server software and
potential modules/addons/scripting languages that you may be using (as
well as your own code that utilizes these modules).
In that case, you can then move on to considering who you believe your
average "attacker" to be. I'd take your business process into
consideration, or if the webserver is for personal use, would probably
stop at maintaining services for convenience sake. The level of
security you deploy can be a function of your own paranoia or the
requirements within your business. It's up to you. This is just a brief
summary though, there are a million different components to consider,
depending on the level of security you need to deploy.
To you question about how well maintained the smaller distros are - i'm
not sure as i dont generally use linux at all, except for personal use.
I'll go back to the point from above - depending on how concerned you
feel you need to be about it - either ensure that you're aware of
everything running on the machine and maintain it yourself (not
implying you write patches, just watch bugtraq et al and stay up to
date on the goings on with the apps you are running).
-Justin
In article <20030912135307.736cd296.D.I.Fletcher@Sheffield.ac.uk>,
David Fletcher <D.I.Fletcher@Sheffield.ac.uk> wrote:
> Hi,
>
> I am setting up a internet available web server and am planning which version
> of linux I will use.
>
> I use Mandrake as a desktop system, but wonder if other distributions such as
> Trustix (www.trustix.net) or Openna (www.openna.com) offer better security
> for running a server.
>
> Does anyone have any experience on this?
> How well maintained do these smaller distributions tend to be?
> Is the increase in security worth the move away from a distribution I am
> familiar with?
>
> Thanks for any help on this,
>
> David.
>
- Next message: /dev/rob0: "Re: Secure distribution"
- Previous message: David Fletcher: "Secure distribution"
- In reply to: David Fletcher: "Secure distribution"
- Next in thread: all mail refused: "Re: Secure distribution"
- Reply: all mail refused: "Re: Secure distribution"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
