Thanks a lot Shridhar for such an input; this (security issue) is indeed necessary ... even MS is going towards Trustworthy Computing Initiative :) so I guess security would be the major issue in deciding the OS.

----- Original Message -----
From: "Shridhar Daithankar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 28, 2002 3:31 PM
Subject: Re: [LIH] Re: telnet prompt off

> On 28 Oct 2002 at 9:46, Vipul Bhadra wrote:
>
> > Hi Raju,
> >
> > No Raju ... I never said cost=security .... I specifically said "cheap"
> > distros .. like one of those lin on win type of distros.
> >
> > Why talk about Debian (I guess you're kidding when you say it's secure ..
> > right?) .. even Slackware is good and secure .... but that's not the point
> > here. Even I can counter-argue: do you mean to say that
> > free+regular=secure? I don't think so!
> >
> > When you talk about security many people have different levels and
> > expectations .... if you consider pure security, let me assure you that the
> > free SME Server Linux (from E-Smith) is far far better than Debian or
> > Slackware is ..... but for people who are PARANOID .. I mean really PARANOID
> > ... it's for those people that I recommended EnGarde ... of course I can't
> > say EnGarde is better than Tristix or SME or some other distro ... but yes
> > they are DEFINITELY better than Debian or Slackware because of the way they
> > take care of various things. You would not need an OS like EnGarde if admins
> > take care and efforts to secure their distros!
>
> Let's start.. This is going to be a long thread.. but let me chip in..
>
> My idea of server security is..
>
> 1) Physical access to server is restricted and audited
>
> 2) Server has only kernel and shell installed to start with. Then admin adds
> only those packages that are required. No devel/doc/compiler packages. All
> unnecessary perl modules thrown out etc.
>
> 3) Only known and required services run.
>
> 4) Before a service is run, admin goes through config files and checks only
> required things are turned on.
>
> 5) Firewalls in place with proper and tested access controls.
>
> 6) Admin goes through logs every night at least. And intrusion alert systems
> are installed along with other utilities like snort or whatever additional
> you have thought of. Tripwire is a must.
>
> 7) Admin keeps his system patched.
>
> IMO it's the last step that can vary across distros. I understand immunix etc.
> have special patches compiled in like gcc stack smashing patch etc. but from
> what I have heard, debian/slackware do not fall in insecure/unusable category.
> IMO you need immunix style distros if you don't have physical access to the
> server audited, which is not the case 90% of the time..
>
> OK.. let the drum beat and rock-n-roll..:-)
>
> Regards,
> Shridhar
>
> -----------------------------------------------------------
> Shridhar Daithankar
> LIMS CPE Team Member, PSPL.
> mailto:shridhar_daithankar@;persistent.co.in
> Phone:- +91-20-5678900 Extn.270
> Fax :- +91-20-5678901
> -----------------------------------------------------------

_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
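
Added example, not part of the thread or written by its participants: one way to check points 2 and 3 of the quoted checklist (no devel/doc/compiler packages, only known services listening). The allowlist, the package-name patterns and both sample inputs are assumptions constructed for illustration; the listener input is shaped like `ss -H -tlnp` output.

```python
import re

# Assumed policy for this example (not from the thread): the services this
# server is meant to offer, as (process name, TCP port).
ALLOWED_LISTENERS = {("sshd", 22), ("nginx", 443)}
# Point 2: devel, doc and compiler packages do not belong on the server.
# These suffixes and names are illustrative assumptions, not a complete list.
BUILD_PKG = re.compile(r"(-dev|-devel|-doc)$|^(gcc|g\+\+|clang|make)(-[\d.]+)?$")
# Constructed sample input, shaped like `ss -H -tlnp` output.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=901,fd=6))
LISTEN 0 5 0.0.0.0:23 0.0.0.0:* users:(("inetd",pid=640,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
"""
# Constructed sample input: one installed package name per line.
SAMPLE_PKGS = "bash\nopenssh-server\ngcc\nlibssl-dev\nnginx\nperl-doc\nmake\n"

def parse_listeners(ss_output):
    """Return (process, port, address) for each listening TCP socket."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # also handles [::]:22
        m = re.search(r'\(\("([^"]+)"', line)
        # ss omits users:(...) when it cannot see the owning process.
        proc = m.group(1) if m else "unknown"
        found.append((proc, int(port), addr))
    return found

def unexpected_listeners(ss_output, allowed=ALLOWED_LISTENERS):
    """Point 3: listeners whose (process, port) is not in the allowlist."""
    return sorted({(p, port, a) for p, port, a in parse_listeners(ss_output)
                   if (p, port) not in allowed})

def build_packages(pkg_list):
    """Point 2: installed packages that match the build/doc patterns."""
    return sorted(p for p in pkg_list.split() if BUILD_PKG.search(p))

if __name__ == "__main__":
    for proc, port, addr in unexpected_listeners(SAMPLE_SS):
        print(f"unexpected listener: {proc} on {addr}:{port}")
    for pkg in build_packages(SAMPLE_PKGS):
        print(f"build/doc package installed: {pkg}")
```

A listener reported as "unknown" means the owning process was not visible to the account that collected the output, so that input should be gathered as root before the result is trusted.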
