What do you recommend in regards to security?

There are many different operating systems; which one will you choose?

Re: What do you recommend in regards to security?

Post by sanddbox on Tue Oct 19, 2010 9:04 am
([msg=47793]see Re: What do you recommend in regards to security?[/msg])

For the record, just because an OS has several skiddie tools on it doesn't make it secure. (And yes, there are legitimate uses for the tools on Backtrack...they are just far and in between, in terms of the types of people using the OS).
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: What do you recommend in regards to security?

Post by fashizzlepop on Tue Oct 19, 2010 9:34 pm
([msg=47826]see Re: What do you recommend in regards to security?[/msg])

There are ways to bypass VMs and gain access to the host. It's been done before.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: What do you recommend in regards to security?

Post by OnlyHuman on Wed Oct 20, 2010 3:03 pm
([msg=47856]see Re: What do you recommend in regards to security?[/msg])

I know, that's what sucks about it. The need for traditional methods of hardening a system are still there. They just exist independently of the actual working environment this way. But the way I see it, the only real way to be secure is to make sure you can bounce back from an attack quickly. No system is ever going to be 100% impregnable. That's why there are literally thousands of tools to harden them now, and those tools are constantly updated. HIPS help, jails help, honeypots help, even the VM is only a tool to help. I like this method, because it makes the rebound as painless as possible.
OnlyHuman
Poster
Poster
 
Posts: 191
Joined: Sat Aug 22, 2009 1:37 am
Blog: View Blog (0)


Re: What do you recommend in regards to security?

Post by sanddbox on Wed Oct 20, 2010 7:33 pm
([msg=47862]see Re: What do you recommend in regards to security?[/msg])

fashizzlepop wrote:There are ways to bypass VMs and gain access to the host. It's been done before.


When a vulnerability is present, yes.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: What do you recommend in regards to security?

Post by hackuin60s on Thu Oct 21, 2010 6:44 am
([msg=47877]see Re: What do you recommend in regards to security?[/msg])

If you are using it as Desktop [ Personal computing ], you can go with any of the distribution based on Debian, which actually pretty good for personal computing. You first need to understand that as you are not using it to provide any kind of service to outside world, Just lock down/disable the services with you filtering device/application, say IPTables to deny all inbound [initialisations] communications, because there is no reason someone is trying to connect your PC as you are not providing any kind of service to other. Set up a AppArmor/SE-Linux for your applications. And yes, don't get SE'd. :b

Obviously, for being a attacking computer, you need different set of tools, which you can easily get for you distribution. BT comes down with plenty of security/pen-testing tools pre installed. But, most of them are multi tools for a single purpose. However, you just need to get a decent tools and install on you distribution if you really need them.

The thing is, when you opt for securing something, you must always have back-up/recovery plan set before attempting anything like this. When you want to play around with your OS, make sure you don't endup with losing your important data.

So, its actually depends upon you to configure you distribution according your specific needs.

~Hackuin
Certified: RHCSA, RHCE, CCNA.
Free software" is a matter of liberty, not price. To understand the concept, you should think of "free" as in "free speech," not as in "free beer."
User avatar
hackuin60s
New User
New User
 
Posts: 22
Joined: Mon Apr 14, 2008 3:17 pm
Blog: View Blog (0)


Re: What do you recommend in regards to security?

Post by tremor77 on Mon Oct 25, 2010 3:46 pm
([msg=48092]see Re: What do you recommend in regards to security?[/msg])

I just have to point out with all the software/OS talk... my mantra continues to be the quality usage of a good hardware firewall and creating a usage policy and sticking to it. It allows for my particular brand of sloppy OS administration...
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 897
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Previous

Return to Operating Systems

Who is online

Users browsing this forum: No registered users and 0 guests