Home page logo
/

basics logo Security Basics mailing list archives

Re: Linux Distribution Recomendation
From: Byron Sonne <blsonne () rogers com>
Date: Mon, 08 Mar 2004 18:17:30 -0500

Security does not depend on the admin alone. The system can never be more
secure than the level of security that the underlying software is able to
provide.

Depends on what you mean by 'underlying'. For instance, the underlying public telephone network is insecure. But I could convert my speech to digital data, scramble it using some kind of secure formulae, transmit it over the line and then have someone decode and regenerate it. Voila! secure communication over an insecure medium.

But generally you are right; a chain is only as strong as it's weakest link.

The security of a normal Linux or UNIX system is rather poor.

Subjective. I could argue otherwise... but I'm inclined to agree with you as most people are generally poor admins of any OS, and succumb far to easy to the geewhiz-bells-and-lights that they see or are 'told' to install. Do you really need to run 5 different kinds of instant messenger clients... and active or HTML content in mail?!?! Hello?!?! Heck, they'd probably think mail marked 'occupant' was meant just for them.

UNIX was designed for a benign environment, with friendly users and a trusted administrator.

100% True!

This environment is completely different from the Internet as we know it today. And
therefore the security of normal Linux or UNIX systems is not adequate for use
on the Internet.

That's jumping to conclusions. Thankfully the people that designed (and continue to design) unix, and clones such as Linux, developed structures and an architecture that has proven to be rather extensible. Often times things have been outright replaced or superseded.

You can find crap anywhere, for and in any OS or architecture, but the situation is never static. Things evolve. Sure some unix flavours and distros come defaulted to settings where it is implicit that the admin review and harden the system. Microsoft along with Apple have helped transition people toward a lazy perspective... the concern of being cheap and easy to the exclusion of all other concerns has a more apparent and quicker effect on the bottom line, and anyone who can install XP or turn on their Mac and connect themselves to the net thinks they're a computer expert now. You are never more vulnerable then when you think you are most secure ;)

I'd put money on the table that the same people willing to research and implement Adamantix would be the same kind of people willing and capable enough secure any kind of *nix that's out there now ;)

The solution is, and always has been discipline, education and the desire to do a good job. There is no hope of any kind without those ingredients.

Regards,
Byron Sonne




--

For Good, return Good. For Evil, return Justice.


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault