RE: Custom Unix server installations -- to harden extensively ?

["Keith A. Glass" <salgak () speakeasy net>]

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Barney
Wolff
Sent: Thursday, May 15, 2003 1:02 PM
To: firewall-wizards () icsalabs com
Subject: Re: [fw-wiz] Custom Unix server installations -- to harden
extensively ?


On Wed, May 14, 2003 at 06:27:35AM -0700, salgak () speakeasy net wrote:
> > Well, once upon a time, there was a distribution called "Storm Linux"
which was designed, from day one, to be a firewall.   Unfortunately, I've
seen >neither hide nor hair of Stormix Technologies since sometime in 2001,
and the website comes up "not available at this time".
> > But, thanks to Distrowatch, I DID find a mirror of the ISO of it:
> >
> > http://public.ftp.planetmirror.com/pub/storm/iso/
> >
> > I'll be d/ling it myself in the next day of three (Mandrake 9.1 is still
coming down on the home box. . .)

> It may be stating the obvious, but something that may have been secure in
> 2001 will not be secure today, since it won't have had fixes for bugs
> discovered since then.  Sure, you don't need fixes for stuff you've turned
> off, but there have certainly been kernel security fixes in the last two
> years and you didn't turn off the kernel.

Since it's Debian, can YOU say apt-get ????

> It would be lovely to have something that could be set up once and stay
> secure forever.  Fantasy.  That doesn't make turning stuff off useless,
> because it does reduce the frequency of fixes you must apply, by enough
> so that you can actually keep up.

Like I said, I'll D/l it, so how tough it is to update the packages. .

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards