Home page logo

basics logo Security Basics mailing list archives

Re: About Operating Systems security
From: salgak () speakeasy net
Date: Wed, 28 May 2003 17:34:58 +0000

-----Original Message-----
From: yannick'san [mailto:yannicksan () free fr]
Sent: Tuesday, May 27, 2003 06:55 PM
To: security-basics () securityfocus com
Subject: About Operating Systems security

Hello everybody,

First of all, I know the subject I'm going to talk about has largely been
discussed everywhere but, up today, the main problem I have is that I can't
really find the right Documentation I'm looking for and as much as I read
reports, the task become harder to do. So, now, I ask for some helps to the
Ok, here I start. Considering the following fonctionnalities installed and
the same machine and nothing more :
(a) a firewall
(b) a web server
(c) a database
I have already prouved that the security level will be the highest if I use
OpenSources for (a,b,c), and for reaching that point, not only the security
process and procedures has already been written (Process and procedures for
regularly auditing the fonctionnalities installed and also for dealing with
a recovery plan, for exemple) but also the code and reviews that could be
done or have been done.
But as (a,b,c) is supported by an OS, the hardest problem I have is how to
introduce a new one in a companie - Probably I should have started to think
about that before...- How to prove that the OS choosen for only supporting
the fonctionalities ennonced before, will be the most secured OS between
all. How to prove that it in front of directors, managers and Engineers.

Any pointers, news or documents are welcome and I'll keep everybody informed
on the result :)

Well, it's generally accepted practice that a firewall should be the only application running on the firewall box: 
adding a webserver and database opens up two additional areas for a hacker to exploit and gain root access.

Databases are exceptionally problematical: remote procedure calls are the LAST thing you want on a firewall.

Keep your webserver and database server BEHIND the firewall.  If you can do no other solution, get a hardware firewall 
unit and run your web and DB on a separate box.

The nice thing about using Open Source software, and especially the many Linux variants, is that it WILL run just fine 
on older equipment that might otherwise be discarded or surplused.   An old desktop box will run a Linux firewall fine. 
 You'll get better protection from exploits AND save the company some cash. . .


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]