Isn't that a contradiction in advice since OpenBSD and OpenSSH are done by the same group? :)
Use *bsd, linux, etc. (Not windoze.) The largest effect you can have on your security is from your admin skills. If you don't know how to secure a machine, it matters little how and what is installed. If you install a (linux) distribution in a default mode, you're most assuredly making an invitation for problems. Only put on the box what is required. For a nessus scanning machine, you're likely to have less than 20, maybe 30 megs of disk space used.

Personally I don't use sftp, only scp, I run ssh on a high port, only allow key logins and firewall everything else. While many of these efforts don't provide more security, they are an effective deterrent to the drive-by hacker.

For those of you who want to naysay, particularly anti-linux <insert extremist description here>, again I point you to the statement that most of your security is in the skills for administering. You can have two machines, one linux one openbsd, both "perfectly" secure, or both horribly insecure, all depending on the person who manages them.

David twig les wrote:
>I hesitate to write this cause I *really* don't want
>to start a religious war...but in my experience if you
>want it critically secured, build a headless OpenBSD
>box that only listens for ssh (and, hence, sftp).
>Patch every 3 months or whenever OpenSSH gets hacked
>again, problem solved for the most part...
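The sshd settings the poster describes (non-default port, key-only logins, no root login) are easy to state and easy to get wrong in a stock config, so here is an added example, not code from either poster, that audits an sshd_config for them. It uses the real OpenSSH keyword names (Port, PasswordAuthentication, PubkeyAuthentication, PermitRootLogin); the two config texts are constructed samples, and the "nessus" user in the hardened one is a placeholder. The firewall half of the advice is not shown.

```shell
#!/bin/sh
# Added example: check whether an sshd_config carries the hardening the post
# argues for. Keyword names are OpenSSH's own; sample configs are constructed.

# Constructed sample: looks like a stock install, still takes passwords on port 22.
WEAK_CONFIG='Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
PermitRootLogin yes'

# Constructed sample: the hardened variant (high port, keys only, no root).
HARDENED_CONFIG='Port 2222
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
AllowUsers nessus'

# sshd_setting CONFIG_TEXT KEYWORD
# Prints the effective value of KEYWORD. Like sshd itself, the first match
# wins; keyword comparison is case-insensitive; comment lines never match.
sshd_setting() {
    printf '%s\n' "$1" | awk -v key="$2" \
        'tolower($1) == tolower(key) { print $2; exit }'
}

# audit_sshd_config CONFIG_TEXT
# Prints one finding per weak setting and returns 0 only when every check
# passes. A keyword that is absent is treated as not hardened, because the
# compiled-in default is then in charge rather than the admin.
audit_sshd_config() {
    cfg=$1
    rc=0

    port=$(sshd_setting "$cfg" Port)
    if [ "${port:-22}" = "22" ]; then
        echo "finding: Port is the default 22"; rc=1
    fi

    pw=$(sshd_setting "$cfg" PasswordAuthentication)
    if [ "${pw:-yes}" != "no" ]; then
        echo "finding: PasswordAuthentication is not disabled"; rc=1
    fi

    pk=$(sshd_setting "$cfg" PubkeyAuthentication)
    if [ "${pk:-yes}" != "yes" ]; then
        echo "finding: PubkeyAuthentication is disabled"; rc=1
    fi

    root=$(sshd_setting "$cfg" PermitRootLogin)
    if [ "${root:-unset}" != "no" ]; then
        echo "finding: PermitRootLogin is not set to no"; rc=1
    fi

    return $rc
}

# Stand-alone run: the weak config produces findings, the hardened one is quiet.
echo "== weak config =="
audit_sshd_config "$WEAK_CONFIG" || echo "result: not hardened"
echo "== hardened config =="
audit_sshd_config "$HARDENED_CONFIG" && echo "result: hardened"
```

Run it against the file on a real box with `audit_sshd_config "$(cat /etc/ssh/sshd_config)"`; on a live host you would still confirm the running daemon agrees with the file, since sshd only reads the config when it starts or is reloaded.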
