Firewall Wizards mailing list archives
RE: Custom Unix server installations -- to harden extensively ?
From: "Ben Nagy" <ben () iagu net>
Date: Wed, 14 May 2003 13:27:02 +0200
This reminds me of a dream I had once where someone nice would create integrated build CDs for task purposed unix servers - example might be a hardened OS set up to just run apache, with predefined users that could do nothing but add remove modules and change the configs. Same for DNS proxies, HTTP proxies, Mail Relay etc etc. Sort of like an "Open Source Appliance Project". We already have lots of groups that are doing great work in creating general purpose boxes that are designed to play security sensitive roles, but I still think that the locking down and disabling process is either too time consuming or too technically difficult for some admins, which means it's still not getting done in the wild. I like the concept of "firewalls" which use fast packet filters but have task purposed boxes in a DMZ to play each of these security critical services. The proxy / application gateway concept, but spread across more than one box. Many advantages, and hardware is cheap. ben
-----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Keith A. Glass Sent: Wednesday, 14 May 2003 4:01 AM To: kluivert () tm net my; firewall-wizards () honor icsalabs com -----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Julian Gomez Sent: Tuesday, May 13, 2003 10:21 AM To: firewall-wizards () honor icsalabs com Subject: [fw-wiz] Custom Unix server installations -- to harden extensively ?Hi,What is the relative opinion of hardening general purposeUnix servers [...]
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Custom Unix server installations -- to harden extensively ? Julian Gomez (May 13)
- Re: Custom Unix server installations -- to harden extensively ? Paul Robertson (May 13)
- Re: Custom Unix server installations -- to harden extensively ? John Adams (May 13)
- Re: Custom Unix server installations -- to harden extensively ? Julian Gomez (May 15)
- RE: Custom Unix server installations -- to harden extensively ? Keith A. Glass (May 14)
- RE: Custom Unix server installations -- to harden extensively ? Ben Nagy (May 14)
- Re: Custom Unix server installations -- to harden extensively ? Carson Gaspar (May 14)
- Re: Custom Unix server installations -- to harden extensively ? Devdas Bhagat (May 15)
- Re: Custom Unix server installations -- to harden extensively ? Bill Royds (May 16)
- Re: Custom Unix server installations -- to harden extensively ? Marcus J. Ranum (May 15)
- Re: Custom Unix server installations -- to harden extensively ? Matthew Kirkwood (May 16)
- Re: Custom Unix server installations -- to harden extensively ? Devdas Bhagat (May 15)
- Re: Custom Unix server installations -- to harden extensively ? Crispin Cowan (May 14)
- Re: Custom Unix server installations -- to harden extensively ? Mason Schmitt (May 15)
- <Possible follow-ups>
- RE: Custom Unix server installations -- to harden extensively ? salgak (May 15)
- Re: Custom Unix server installations -- to harden extensively ? Barney Wolff (May 15)
- RE: Custom Unix server installations -- to harden extensively ? Keith A. Glass (May 16)
- Re: Custom Unix server installations -- to harden extensively ? Barney Wolff (May 15)
(Thread continues...)