I have a tendency to agree with what you have there.
This may be only my thoughts, and someone can counter-argue this point.
I do install compilers onto my firewall, in case I want to compile
a package; mind you, I never install any servers, especially
telnetd or sshd, on my firewall. If I want to make a mod to my firewall
I have to do it locally.
Isolating machines through topology is an excellent idea; you don't want
to mix live or potentially vulnerable servers with workstations.
So you will have a DMZ where you will house your servers that can access
the Internet, and a LAN network which will be completely separate from the
DMZ. Even though I have 6 machines at home, I have broken my network
environment into DMZ and LAN. My machines on the LAN can only access
services I want them to access on the DMZ; my DMZ can only access
DNS, web, mail and ssh services on the Internet. My LAN uses NAT to access
Internet protocols.

A distro is a distro; some have more issues than others, but if you have
a look at most of the Red Hat issues to date, most of the problems exist if
the user already has access to the box and wants to elevate their
privileges.

> 
> Provided that I
> 
> - install only what I need
> - am aware of the functions of utils/packages that I install
> - do not install things that can be used against me eg. compilers, sudo,
> screen, debugfs, dd etc.
> - do not install any irrelevant servers/daemons eg. httpd, ftpd, named,
> rpc*d etc.
> - keep my packages updated & stable
> - secure any services at the application level eg. customising kernel,
> xinetd, /etc/security/* etc.
> - monitor and apply errata (redhat.com/errata/)
> - monitor all logs
> - spend some time monitoring security advisories
> - use network monitoring, auditing, intrusion tools eg. snort, tripwire,
> user space plugins for iptables
> - physically isolate machines and services through better network
> topology/structure with security in mind
> 
> I think any distribution can be ironclad. The difference then would be the
> effort required to secure a box & OS. So provided that I stick to the
> fundamental security concepts, am I wasting my time with Redhat compared to
> Debian or Slackware etc ?
> 
> There're a lot of other little things that I've come to be aware of over the
> years eg. mount (ro) /, find / -perm +444 etc etc. I'm reading some
> security guides, Redhat 8.0 has an Official Red Hat Linux Security Guide
> (http://www.redhat.com/docs/manuals/linux) and other Redhat related security
> guides can be found at linuxdoc.org. Does anybody have further
> advice/suggestions on securing a Redhat box ? - don't use computers maybe ?
> :)
> 
> I'm looking forward to having a less embarrassing setup, and taking better
> security measures this time around.
> 
> -- 
> SLUG - Sydney Linux User's Group - http://slug.org.au/
> More Info: http://lists.slug.org.au/listinfo/slug
> 


-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
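The topology the reply describes (workstations on the LAN reach only chosen DMZ services, the DMZ reaches only DNS, web, mail and ssh on the Internet, the LAN goes out through NAT, and nothing at all is accepted into the firewall because it runs no sshd or telnetd), written out as an iptables ruleset. This is an added example, not code from either poster or from SLUG: the interface names, address ranges and exact port lists are assumptions, and by default it prints the iptables commands instead of applying them so it can be read and checked on any machine.

```shell
#!/bin/sh
# Added example, not code from the SLUG thread: a three-interface iptables
# ruleset for the LAN / DMZ / Internet split described in the reply.
# Interface names, address ranges and port lists are assumptions.
WAN=eth0                 # Internet-facing interface
DMZ=eth1                 # servers; assumed to have routable addresses
LAN=eth2                 # workstations
LAN_NET=192.168.1.0/24   # private, so it is masqueraded (NAT) on the way out

# Dry run by default: print the commands instead of applying them.
# On the firewall itself, as root:  IPT=iptables ./dmz-rules.sh
IPT=${IPT:-"echo iptables"}

# Policy tables (assumed service lists, following the reply's description).
LAN_TO_DMZ_TCP="22 25 80 443"     # what workstations may reach in the DMZ
LAN_TO_DMZ_UDP="53"
DMZ_TO_WAN_TCP="22 25 53 80 443"  # DMZ egress: ssh, mail, DNS, web only
DMZ_TO_WAN_UDP="53"

# allow_fwd IN_IF OUT_IF PROTO PORT: permit new connections one way only;
# replies come back through the ESTABLISHED,RELATED rule below.
allow_fwd() {
    $IPT -A FORWARD -i "$1" -o "$2" -p "$3" --dport "$4" \
        -m state --state NEW -j ACCEPT
}

build_ruleset() {
    # Default deny in every direction, including into the firewall itself:
    # no sshd or telnetd runs here, so there is nothing to let in.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP

    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Return traffic for connections accepted by the rules below
    for chain in INPUT FORWARD OUTPUT; do
        $IPT -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
    done

    # LAN -> DMZ: only the listed services, nothing else
    for port in $LAN_TO_DMZ_TCP; do allow_fwd "$LAN" "$DMZ" tcp "$port"; done
    for port in $LAN_TO_DMZ_UDP; do allow_fwd "$LAN" "$DMZ" udp "$port"; done

    # DMZ -> Internet: DNS, web, mail, ssh only
    for port in $DMZ_TO_WAN_TCP; do allow_fwd "$DMZ" "$WAN" tcp "$port"; done
    for port in $DMZ_TO_WAN_UDP; do allow_fwd "$DMZ" "$WAN" udp "$port"; done

    # LAN -> Internet: any outbound, source-NATed to the firewall's address
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -m state --state NEW -j ACCEPT
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN" -j MASQUERADE

    # Deliberately absent: no rule lets the DMZ or the Internet open a
    # connection into the LAN, and nothing lets the Internet into the DMZ
    # (publishing a DMZ service is a separate DNAT/ACCEPT pair, not shown).
    # Whatever falls through to the DROP policy is logged, rate-limited.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
}

# count_accepts IN_IF OUT_IF: number of ACCEPT rules forwarding that way.
# Handy for checking the policy has no leak, e.g. from the DMZ into the LAN.
count_accepts() {
    build_ruleset | grep -c -- "-i $1 -o $2 .*-j ACCEPT" || true
}

build_ruleset
```

Run it once with the default dry run and read the output against the reply's description before setting IPT=iptables on the console of the firewall; count_accepts eth1 eth2 should print 0, which is the whole point of the split.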