RE: Custom Unix server installations -- to harden extensively ?

["Ben Nagy" <ben () iagu net>]

This reminds me of a dream I had once where someone nice would create
integrated build CDs for task purposed unix servers - example might be a
hardened OS set up to just run apache, with predefined users that could do
nothing but add remove modules and change the configs. Same for DNS proxies,
HTTP proxies, Mail Relay etc etc. 

Sort of like an "Open Source Appliance Project".

We already have lots of groups that are doing great work in creating general
purpose boxes that are designed to play security sensitive roles, but I
still think that the locking down and disabling process is either too time
consuming or too technically difficult for some admins, which means it's
still not getting done in the wild.

I like the concept of "firewalls" which use fast packet filters but have
task purposed boxes in a DMZ to play each of these security critical
services. The proxy / application gateway concept, but spread across more
than one box. Many advantages, and hardware is cheap.

ben

> -----Original Message-----
> From: firewall-wizards-admin () honor icsalabs com 
> [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf 
> Of Keith A. Glass
> Sent: Wednesday, 14 May 2003 4:01 AM
> To: kluivert () tm net my; firewall-wizards () honor icsalabs com
>
> -----Original Message-----
> From: firewall-wizards-admin () honor icsalabs com
> [mailto:firewall-wizards-admin () honor icsalabs com]On Behalf 
> Of Julian Gomez
> Sent: Tuesday, May 13, 2003 10:21 AM
> To: firewall-wizards () honor icsalabs com
> Subject: [fw-wiz] Custom Unix server installations -- to 
> harden extensively ?
>
>
> > Hi,
>
> > What is the relative opinion of hardening general purpose 
> Unix servers [...]

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards