On 28/10/02 09:46 +0000, Vipul Bhadra wrote:
> No Raju ... i never said cost=security .... i specifically said "cheap"
> distros .. like one of those lin on win type of distros.

You mean cheap as in the slang for worthless?

> Why talk about debian ( i guess ur kiddin when u say it's secure .. right ?)
> .. even Slackware is good and secure....but that's not the point here. Even i
> can counter argue that do u mean to say that free+regular=secure ? I don't
> think so!

Hmmmm http://www.openbsd.org/

> When you talk about security many people have different levels and
> expectations .... if you consider pure security, let me assure you that the

Security is a *process* not a product. See the Orange book criteria.

> free SME Server Linux ( from E-Smith ) is far far better than Debian or
> SlackWare is ..... but for people who are PARANOID .. i mean really PARANOID

Huh? I don't care who my vendor is. I am paranoid enough to patch my box(en) and keep them patched. Extremely well patched. My box is 24 x 7 online and has no firewall. However, breaking into it will require a 0 day. A service that is not running cannot be broken into.

(For a single box a packet filtering firewall does not make sense. The only services exposed to the net are those that I want public, all the rest run on unix sockets/localhost only. If the box is broken into, reinstall time, and the damage done is 100% anyway. No, I do not see how a packet filter can protect against an application layer exploit for a Net exposed application. You need an application level proxy for that.)

> ... it's for those people that i recommended EnGarde ...of course i can't say
> EnGarde is better than Tristix or SME or
> some other distro ... but yes they are DEFINITELY better than debian or
> slackware because of the way they take care of various things. You would not

You mean defaults? Who cares about defaults? Not even the OpenBSD people care about defaults, even when they claim that the default install is secure.

> need OS like EnGarde if Admins take care and efforts to secure their
> distros!

A secured distro is a good starting point, in that it reduces the amount of work to be done for securing a box. However, security is only as good as the admin. Finally, stay patched. The correct way of obtaining security is defense in depth, proper use of cryptography, not running vulnerable services and running secure ones only.

Net -> Packet filter (get rid of a lot of crap so that the proxy has less work to do) -> proxy (clean up the input, if possible) -> application (which trusts no external input and has no known exploits).

Devdas Bhagat
