
Re: Secured vs. Security Distros and Wish Lists



> > Why _SHOULD_ it not contain these tools? I do not see why it should
> > not. Maybe it does not need them to be secure, but there is no reason it
> > should not have these tools. Furthermore, there is a lot to be said for
> > using these tools against your own system to make sure it is secure.

Here are a few tools I **wouldn't** want on, let's say, an external Web/DNS
server on my DMZ or on a UNIX-based firewall: 

sniffit - no obvious *defensive* security uses whatsoever, except for
scaring folks into using ssh

vulnerability scanners (network) - saint/satan/sara and other tools such
as mns, nskan, cgichk, etc. that scan for specific network vulnerabilities

exploits - DoS stuff, the exploit of the month, remote (ftp, pop, imap,
bind, tooltalk, whatever) or local exploits that allow me to overwrite
uid 0 files.... Probably not a good idea.

port scanners - not as harmful as the others, but let's say I compromise
your firewall and you just happen to have nmap sitting in /usr/local/bin/
so you can probe yourself. hmmm... I like it... Or on your webserver, now
I can start scanning folks from *your* site.. I like it even better.


Part of the problem here is that we have not defined/described what a
"secure" Linux distribution or installation is.  This will be an
extremely difficult problem because security has lots of gray areas. 
Security is highly dependent on the context.  Security is relative to the
risk you are willing to accept.  If this "secure" fileserver is going to
be sitting behind a couple of routers and a firewall and under the
watchful eye of a network IDS, it will be totally different from a
"secure" ftp or mail server exposed to the world.

Sure, I've got tcpdump, nmap, and a bunch of stuff I probably shouldn't
have on one of my firewalls, but that's because that network isn't a
production network and I'm willing to accept the risk of someone
compromising that box and using those tools against a bunch of
Linux/Sparcs in a classroom which have to be baselined after every class
anyway.

But would I want those tools included in a Linux distribution that
marketed itself as being secure?  No.  Would I want them in a Linux
distribution that marketed itself as being good for probing other boxes
and testing for vulnerabilities?  By all means. 

-mdf


________________________________________________________________________
 Matthew D. Franz                                  mdfranz@txdirect.net 
 http://www.trinux.org                 Trinux: A Linux Security Toolkit 
 http://www.opensec.net                OpenSEC: Open Security Solutions


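The practical check that follows from the post above, as an added example that is not part of the original message or of Trinux: a small POSIX sh audit that reports whether any of the attack-oriented tools the post lists (sniffit, nmap, tcpdump, the saint/satan/sara scanners, cgichk) are installed on a host that is supposed to be a hardened DMZ or firewall box. The tool list, the extra search directories and the `--audit` flag are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example, not code from the original post: audit a host for the
# attack-oriented tools the post would rather not find on a DMZ or firewall
# box. The tool list and the extra search directories are assumptions.

# Tools named in the post (sniffer, scanners, port scanner); extend as needed.
UNWANTED_TOOLS="sniffit nmap tcpdump saint satan sara cgichk"

# Assumed common install locations that may not be on a cron job's PATH.
EXTRA_DIRS="/usr/local/bin /usr/local/sbin /opt/bin"

# find_unwanted_tools DIR...
# Searches only the given directories. Prints "tool /path" for each hit and
# returns 1 if anything was found, 0 if the directories are clean.
find_unwanted_tools() {
    _found=0
    for _tool in $UNWANTED_TOOLS; do
        for _dir in "$@"; do
            # A regular, executable file with the tool's name counts as a hit.
            if [ -f "$_dir/$_tool" ] && [ -x "$_dir/$_tool" ]; then
                printf '%s %s\n' "$_tool" "$_dir/$_tool"
                _found=1
            fi
        done
    done
    return $_found
}

# audit_host
# Searches every PATH entry plus EXTRA_DIRS; same output and exit status
# as find_unwanted_tools.
audit_host() {
    # Word splitting of the ':'-separated PATH is intended here.
    find_unwanted_tools $(printf '%s' "$PATH" | tr ':' ' ') $EXTRA_DIRS
}

# Run the audit only when invoked as: sh audit_tools.sh --audit
if [ "${1:-}" = "--audit" ]; then
    if audit_host; then
        echo "clean: none of the listed tools found"
    else
        echo "WARNING: attack tools present on this host" >&2
        exit 1
    fi
fi
```

A non-zero exit status makes the script usable from a nightly cron job or a post-install check: anything it prints is a tool that, by the post's reasoning, would be handed to whoever compromises the box. It only checks names, so a renamed binary will not be caught; a package-manager manifest or file integrity baseline is the complementary check.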
-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/