Quoting (no name) ([EMAIL PROTECTED]): > Question: Is it necessary that we use Linux? I mean, can > we use OpenBSD or something? How about secureLinux? ;-)
Prof. Feria, certainly you could do it with OpenBSD or FreeBSD. If the people who are participating are most familiar with those systems, that would be a compelling argument in their favour. In my experience, the key ingredient required to protect a system from attack is for the sysadmin to be minutely familiar with how it works, and familiar with the software that runs on it. You want to use what people know. In my opinion, there's no reason why a tough, difficult-to-crack system could not be fashioned from any of the three main BSDs, Solaris, or any of the main Linux distribution -- or any of the usual "firewall" Linux or BSD mini-distributions. The usual general considerations apply: o Simple, careful system configuration, to keep it auditable and minimise exposed software. o Careful selection of network daemons, again selecting for minimum and conservative function. o Cutting down the number of privileged executables to the minimum. o Paranoid scrutiny of the entire system from a (simulated) outsider's perspective. There are also hardware considerations. It might be worth considering using one of the CPU architectures with fewer buffer-overflow problems (PowerPC, SPARC, Alpha), and you might be able to operate with most of the filesystems (/, /usr) jumpered read-only at the hardware level (possible with most SCSI disks -- connect the jumper to the otherwise unused front-panel "turbo" switch. The latter would have to be prototyped beforehand to make sure it is really workable. You have to do "rm /etc/mtab; ln -s /proc/mounts /etc/mtab", which has some drawbacks. See: http://hints.linuxfromscratch.org/hints/mtab.txt (The point of making / and /usr be read-only isn't to keep the bad guys out, but rather to make it difficult for them to accomplish anything if they happen to get in. That may not be useful for the security challenge currently being discussed, but might be useful in real-world situations.) -- Cheers, I've been suffering death by PowerPoint, recently. Rick Moen -- Huw Davies [EMAIL PROTECTED] _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
