Re: Custom Unix server installations -- to harden extensively ?

[Barney Wolff <barney () databus com>]

On Wed, May 14, 2003 at 06:27:35AM -0700, salgak () speakeasy net wrote:
> Well, once upon a time, there was a distribution called "Storm Linux" which was designed, from day one, to be a 
> firewall.   Unfortunately, I've seen neither hide nor hair of Stormix Technologies since sometime in 2001, and the 
> website comes up "not available at this time".
>
> But, thanks to Distrowatch, I DID find a mirror of the ISO of it:
>
> http://public.ftp.planetmirror.com/pub/storm/iso/
>
> I'll be d/ling it myself in the next day of three (Mandrake 9.1 is still coming down on the home box. . .)

It may be stating the obvious, but something that may have been secure in
2001 will not be secure today, since it won't have had fixes for bugs
discovered since then.  Sure, you don't need fixes for stuff you've turned
off, but there have certainly been kernel security fixes in the last two
years and you didn't turn off the kernel.

It would be lovely to have something that could be set up once and stay
secure forever.  Fantasy.  That doesn't make turning stuff off useless,
because it does reduce the frequency of fixes you must apply, by enough
so that you can actually keep up.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards