I support you! 2009/11/16 Sweere, Kevin E CTR USAF AFRL/RYT <[email protected]>
> Greetings, > > I work for the US Air Force. We have a prototype that dramatically, > fundamentally increases a web server's security. > > We run an Apache server within a minimized, user-level-only, Linux variant > only within RAM and from only a DVD (no harddrive). With no shells, > hackers > have nowhere to go. With no persistent memory, malware has no place to > reside. A simple reboot restores the website to a pristine state within > minutes. > > Because a LiveDVD holds the OS, apps and content, its best for static, > non-interactive, low-volume, high-value, highly-targeted websites. Any > change means burning a new DVD, but this also makes testing easier and less > noisy. Logs are tricky to extract. > > While it has worked well, some of us believe its usability drawbacks (e.g. > limited ability to receive input from users, every change needs a new DVD) > outweigh its great security benefits making it unmarketable (in govt or > industry) and thus just another prototype to leave on the shelf. > > I'm curious what your group thinks. Thanks in advance -- I don't quite > know > with whom to discuss this idea. > > Kevin Sweere > > > > >
