Greetings, I work for the US Air Force. We have a prototype that dramatically, fundamentally increases a web server's security. We run an Apache server within a minimized, user-level-only, Linux variant only within RAM and from only a DVD (no harddrive). With no shells, hackers have nowhere to go. With no persistent memory, malware has no place to reside. A simple reboot restores the website to a pristine state within minutes. Because a LiveDVD holds the OS, apps and content, its best for static, non-interactive, low-volume, high-value, highly-targeted websites. Any change means burning a new DVD, but this also makes testing easier and less noisy. Logs are tricky to extract. While it has worked well, some of us believe its usability drawbacks (e.g. limited ability to receive input from users, every change needs a new DVD) outweigh its great security benefits making it unmarketable (in govt or industry) and thus just another prototype to leave on the shelf. I'm curious what your group thinks. Thanks in advance -- I don't quite know with whom to discuss this idea. Kevin Sweere
smime.p7s
Description: S/MIME cryptographic signature
