Security Basics mailing list archives

Re: Linux Web Server Hardening (LAMP + Wiki)


From: James Thomas <jim () nimblesec com>
Date: Mon, 28 Jan 2013 13:48:44 -0500

Dear Eric,

Thank you for your note.

On 28/01/2013 03:19, Eric Furman wrote:
> Don't use Linux. It is insecure. Use Windows or one of the BSDs.
> All are much more secure.

I'd argue that none of these are secure, that perfect security is an
illusion, and that technical solutions aren't everything.  If there have
been fewer exploits for the BSDs, I'd argue that this is merely because
they, being lesser known, represent a smaller attack surface.  I'd be
more concerned about configuring systems properly than with choice of
OS, and training all associates to resist spearphishing, etc.

Security should be seen as a series of layers, any of which might be
breached, and the layer closest to one's skin should be an awareness of
techniques that may be employed by an attacker, and how to mitigate
them.  Mitnick's books are a good start for this.

That said, I have no useful answers for Jeffrey's actual question offhand.

James

