Home page logo
/

basics logo Security Basics mailing list archives

Re: Linux Distribution Recomendation
From: peter () devbox adamantix org (Peter Busser)
Date: Thu, 4 Mar 2004 10:24:20 +0100

Hi!

I like Slackware myself ( http://www.slackware.com/ ).  It is as close to pure
Linux as you can get.  It's getting easier to manage also.  As far as security
goes, that depends largely on the admin but, Slackware requires far fewer
patches and upgrades than more well known varients because they don't rewrite
everything before releasing it.

Security does not depend on the admin alone. The system can never be more
secure than the level of security that the underlying software is able to
provide.

The security of a normal Linux or UNIX system is rather poor. UNIX was designed
for a benign environment, with friendly users and a trusted administrator. This
environment is completely different from the Internet as we know it today. And
therefore the security of normal Linux or UNIX systems is not adequate for use
on the Internet.

The security of a piece of software does not end with the implementation of
security features in this piece of software. Most software requires
configuration. And that goes for Slackware too. My experience with Slackware
has taught me that Slackware is particularly weak in this area. It needs a 
lot of handwork. Since handwork is done by humans, and humans tend to err now
and then, it will eventually result in a higher number of configuration
mistakes.

The vision behind Adamantix is to improve the overall security features of
the system, so that an administrator can use them to secure his system(s). And
also to make managing these features easier, so that the administrator can do
a better job with less effort.

Groetjes,
Peter Busser

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault