
Re: Securing a Debian server



On Tue, 08 Jul 2003, royotto@c2i.net wrote:
> We're thinking about starting to use Debian instead of RH on our Linux 
> boxes and I have a question concerning this. RH offers to check servers 
> and optimizing these for maximum security, does Debian offer this? Or 
> is there a guide on how to do this somewhere?

Sir, let me give you a few bits of advice:

1) Is Redhat held financially responsible in case of a breach?  The
answer is almost certainly no [see below].  If RH does not suffer
monetary damages for a security breach, then their security audit is
probably nothing more than a feel-good script that quickly scans your
system, and ends up suggesting that you use a newer version in case your
system is out of date.

2) Security is not a result, it's a process.  Software is a small part of
that process, the human factor is a large part.  Removing unnecessary
services, having strong passwords, removing any cleartext protocols,
etc.  Security is also a PITA - Part of the reason why Microsoft has so
many security holes is that Microsoft is willing to trade ease-of-use
for security.  [Regardless of what some linux users think, Microsoft
isn't stupid[1], it knows that ease-of-use is a big seller, and that
security comes second.]

3) Sooner or later, if you're big enough, you'll get hacked.  A hacker 
can spend days looking at your system, it's doubtful you'll spend that
amount of time on them.  A hacker can spend her days researching every
security exploit - do you have that amount of time?  Sooner or later
someone will ask for an insecure system for certain clients to use, and
you'll have to set that system up.  Learn about firewalls and DMZs,
limit permissions and harden the internal network as well.  Use tools
that will tell you when you are under attack, and what was changed on
your file systems.  And keep backups.

Just my $.02

~ Jesse Meyer

[1] Other than the typical corporate stupidity all large companies seem
to have, due to size and internal conflicts of interest.

-- 
         icq: 34583382 / msn: dasunt@hotmail.com / yim: tsunad

   "We are what we pretend to be, so we must be careful about what we 
    pretend to be." - Kurt Vonnegut Jr : Mother Night
