Re: Linux Distribution Recomendation

[Byron Sonne <blsonne () rogers com>]

> Security does not depend on the admin alone. The system can never be more
> secure than the level of security that the underlying software is able to
> provide.

Depends on what you mean by 'underlying'. For instance, the underlying 
public telephone network is insecure. But I could convert my speech to 
digital data, scramble it using some kind of secure formulae, transmit 
it over the line and then have someone decode and regenerate it. Voila! 
secure communication over an insecure medium.

But generally you are right; a chain is only as strong as it's weakest link.

> The security of a normal Linux or UNIX system is rather poor.

Subjective. I could argue otherwise... but I'm inclined to agree with 
you as most people are generally poor admins of any OS, and succumb far 
to easy to the geewhiz-bells-and-lights that they see or are 'told' to 
install. Do you really need to run 5 different kinds of instant 
messenger clients... and active or HTML content in mail?!?! Hello?!?! 
Heck, they'd probably think mail marked 'occupant' was meant just for them.

> UNIX was designed for a benign environment, with friendly users and a trusted administrator. 

100% True!

> This environment is completely different from the Internet as we know it today. And
> therefore the security of normal Linux or UNIX systems is not adequate for use
> on the Internet.

That's jumping to conclusions. Thankfully the people that designed (and 
continue to design) unix, and clones such as Linux, developed structures 
and an architecture that has proven to be rather extensible. Often times 
things have been outright replaced or superseded.

You can find crap anywhere, for and in any OS or architecture, but the 
situation is never static. Things evolve. Sure some unix flavours and 
distros come defaulted to settings where it is implicit that the admin 
review and harden the system. Microsoft along with Apple have helped 
transition people toward a lazy perspective... the concern of being 
cheap and easy to the exclusion of all other concerns has a more 
apparent and quicker effect on the bottom line, and anyone who can 
install XP or turn on their Mac and connect themselves to the net thinks 
they're a computer expert now. You are never more vulnerable then when 
you think you are most secure ;)

I'd put money on the table that the same people willing to research and 
implement Adamantix would be the same kind of people willing and capable 
enough secure any kind of *nix that's out there now ;)

The solution is, and always has been discipline, education and the 
desire to do a good job. There is no hope of any kind without those 
ingredients.

Regards,
Byron Sonne




--

For Good, return Good. For Evil, return Justice.


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------