Re: making Debian secure by default
On 28 Mar 2024 15:28 -0400, from greg@wooledge.org (Greg Wooledge):
>> so apparently somebody else has done a threat analysis and decided
>> apparmor is the appropriate mitigation strategy?
>
> *An* appropriate mitigation strategy. Not "the".
>
> There are many, many layers.
Right. We've got everything from address space layout randomization
(ASLR), firewalling, full-disk encryption (for example with LUKS) and
automatic system updates all the way to password policies,
file/directory access permissions and system call masking. There is
the concept of data backups, storage-level redundancy, SMART
monitoring and system log analysis. It's possible to choose between
encrypted SSH and plain-text telnet or rsh for remote shell access
(and these days, no one should suggest the latter, but I digress).
Each of which can help mitigate _some_ threats and is utterly useless
against others.
Even within each of those there are differences. For example, a _lot_
of people and guides say, essentially unconditionally, "Thou Shall
Disable SSH Password Authentication". That's good advice in some
situations and _horrible_ advice in other situations.
It's not particularly meaningful to make a threat assessment for
"Debian". (It might very well be meaningful to make a threat
assessment for _the Debian project_, but that's something very
different.) What certainly _is_ meaningful is to make a threat
assessment for your computer, your data, your network and your usage.
Which will almost certainly be very different from mine, or Alice's,
or Bob's; never mind between my desktop system, Carol's server and
Mallory's laptop; and therefore will require a different
implementation.
--
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”
Reply to: