Infrastructural attacks on free software
Posted Nov 26, 2003 6:30 UTC (Wed) by proski (subscriber, #104)
In reply to: Infrastructural attacks on free software by smoogen
Parent article: Infrastructural attacks on free software
Don't put more than one service on the same machine. Don't put too many users with shell access on the same machine. Separate users into groups with different permissions to make it easier to find compromised accounts. Use remote logging so that the logs cannot be erased by successful attackers. Don't choose software for servers based on marketing or political considerations (i.e. we just have to run our distribution). Monitor critical files. Insulate development machines from the key infrastructure (web server, FTP). Use security features of the OS when possible (capabilities, ACLs, chroot, system levels).
Posted Nov 26, 2003 8:55 UTC (Wed)
by walles (guest, #954)
I have to disagree with the part about not necessarily running your own distro. If the distro isn't good enough for the distributor, how could it be good enough for anybody else? If a distro is too insecure, the distributor should fix it, not avoid it. Dogfood is an excellent principle. I agree on everything else you wrote though.
Posted Nov 26, 2003 9:20 UTC (Wed)
by Robin.Hill (subscriber, #4385)
Posted Nov 26, 2003 10:36 UTC (Wed)
by stuart (subscriber, #623)
But Debian is (or wants to be) the "Universal Operating System" and hence dogfood is very much in. Stu.
Posted Dec 5, 2003 3:26 UTC (Fri)
by eread (guest, #1918)
Perhaps they might consider using a special-high secure distro for critical systems. Thanks.
Posted Nov 26, 2003 15:14 UTC (Wed)
by freethinker (guest, #4397)
Your other points are good, but I have to take issue with this one. While running the Debian servers on, say, OpenBSD would be somewhat more secure, it would also force Debian maintainers to keep up with OpenBSD developments and be expert users of two very different systems. It would also make a critical part of the Debian infrastructure dependent on an entirely separate project. Neither is desirable. Besides, while no one can match OpenBSD's record, Debian is no slouch. The distro has an excellent reputation for security. I very much doubt anyone will crack these machines again, now that they've had this wake-up call.
Posted Nov 27, 2003 19:43 UTC (Thu)
by NAR (subscriber, #1313)
I disagree. Only the sysadmins of the servers should be "OpenBSD experts" - a simple user might not even notice if he's on OpenBSD instead of Debian. The basic UNIX tools are the same everywhere (and the GNU tools can be installed, if needed) and I don't think a package maintainer needs any more than that on the main servers.
> Don't choose software for servers based on marketing or political
> considerations (i.e. we just have to run our distribution).
That depends to a large extent on what market the distro is aimed at. If it's targeting the desktop/games market then you should definitely be picking another distro for the server.
Quite,
I would say that Debian wants to be general purpose.
> Don't choose software for servers based on marketing or
> political considerations (i.e. we just have to run our
> distribution).