Security Basics mailing list archives
Re: Linux Web Server Hardening (LAMP + Wiki)
From: James Thomas <jim () nimblesec com>
Date: Mon, 28 Jan 2013 13:48:44 -0500
Dear Eric, Thank you for your note. On 28/01/2013 03:19, Eric Furman wrote:
Don't use Linux. It is insecure. Use Windows or one of the BSDs. All are much more secure.
I'd argue that none of these are secure, that perfect security is an illusion, and that technical solutions aren't everything. If there have been fewer exploits for the BSD's, I'd argue that this is merely because they, being lesser known, represent a smaller attack surface. I'd be more concerned about configuring systems properly than with choice of OS, and training all associates to resist spearphishing, etc. Security should be seen as a series of layers, any of which might be breached, and the layer closest to one's skin should be an awareness of techniques that may be employed by an attacker, and how to mitigate them. Mitnick's books are a good start for this. That said, I have no useful answers for Jeffrey's actual question offhand. James ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- RE: Linux Web Server Hardening (LAMP + Wiki), (continued)
- RE: Linux Web Server Hardening (LAMP + Wiki) Arie Claassens (Jan 28)
- Re: Linux Web Server Hardening (LAMP + Wiki) Joerg Stephan (Jan 28)
- Re: Linux Web Server Hardening (LAMP + Wiki) DragonSlay3r (Jan 28)
- Re: Linux Web Server Hardening (LAMP + Wiki) gremlin (Jan 31)
- RE: Linux Web Server Hardening (LAMP + Wiki) Emre Tugriceri (Jan 28)
- Re: Linux Web Server Hardening (LAMP + Wiki) Michael Zoet (Jan 28)
- Re: Linux Web Server Hardening (LAMP + Wiki) Ansgar Wiechers (Jan 28)
- Re: Linux Web Server Hardening (LAMP + Wiki) Eric Furman (Jan 31)
- Re: Linux Web Server Hardening (LAMP + Wiki) Ansgar Wiechers (Jan 31)
- Re: Linux Web Server Hardening (LAMP + Wiki) Jason M (Jan 28)
- Re: Linux Web Server Hardening (LAMP + Wiki) James Thomas (Jan 28)
- Re: Linux Web Server Hardening (LAMP + Wiki) Michael Peppard (Jan 29)
- RE: Linux Web Server Hardening (LAMP + Wiki) Ulm, Matt (Jan 28)
- Re: Linux Web Server Hardening (LAMP + Wiki) Littlefield, Tyler (Jan 28)
- Re: Linux Web Server Hardening (LAMP + Wiki) Henri Salo (Jan 28)
- RE: Linux Web Server Hardening (LAMP + Wiki) Balakrishnan Nadar (Jan 28)
- Re:Linux Web Server Hardening (LAMP + Wiki) forgaoqiang (Jan 28)
- Re: Linux Web Server Hardening (LAMP + Wiki) gremlin (Jan 31)
- Re: Linux Web Server Hardening (LAMP + Wiki) Michael Peppard (Jan 28)
- Re: Linux Web Server Hardening (LAMP + Wiki) Tracy Reed (Jan 29)
- Re: Linux Web Server Hardening (LAMP + Wiki) Jeffrey Walton (Jan 28)