Roger Barnes wrote:
Ok, hold it right there. Before blabbing on about your systems and how they worked many many years ago (we are talking about kernels, not routers/firewalls BTW), could you please explain where you get these Generic Security Policies (TM?). What are the 40 or more rationales, and how do they apply specifically to _RE_compiling a kernel? Maybe then, we can explain to you in even more specific terms the reasons why not recompiling might be better. Please check the archives again before claiming that no one has given you reasons already.
Firstly, with Securing a network, every textbook on Security teaches that first of all one has to start by deciding on a set of Network Security Policies.
I come up with two:
And security policies may be subdivided into:
1. Generic Security Policies - those that pertains to the administration and control of the physical equipments, e.g., location, physical access procedure, equipment, maintenance, who are permitted, etc. This may also include procedures that pertains to the preparation of the computer systems, specifications, configuration, deployment, and maintenance. This may also include policies pertaining to the daily operation and maintenance of the computer systems. I always include 'that which is not required is always removed from the OS'.
2. Specific Security Policies - those that pertains to the specific services that may allowed, pop, imap, smtp, http, ftp, etc. and who or which departments are allowed to have these services. I also include the policy that 'what is not expressly allowed is not permitted'.
Then, carefully implement these policies. Review every so often and modify if required, and so on.
BTW, I have made thiis as illustrations previously.
Check, the slug archives.
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
