The most secure Linux distribution

Hello!
I want to use a graphical OS based on Linux that provides the highest security
What would you advise me to use? (RedHat, Fedora, Ubuntu, Mandriva …)
Many Thanks

 

I suppose if you're talking ultimate security, a LiveCD distro would be better than anything installed on your drive. I love Ubunto.

 

I would advise you using OpenBSD, not Linux. Just my 2 cents.

 

I agree, or FreeBSD !

But anyway, alle Unix/Linux versions or (or better al OS-es)
are safer then any Windows version.

 

There is the public domain Linux, Security-Enhanced Linux:
http://www.nsa.gov/selinux/

-- Tom

 

If you go Linux I would recommend Fedora as the most secure one at the moment (because of SELinux and it's firewall). For top-security you could take a look at the BSD variants.

 

Agree, or you could (not recommended) try to get gentoo working than disable a bunch of stuff. But that is why I prefer openbsd, with the secure by default approach and proactive instead of reactive.

Alphalutra1

 

Other secure Linux distributions:
* Trustix Linux
http://www.trustix.net/
* EnGarde Secure Linux
http://www.engardelinux.org/modules/index/index.cgi

-- Tom

 

On principle alone, I would never use Selinux. The National Security Agency is the last place I would go looking for "secure" software, open-source or not. Like I said, on principle alone the NSA can keep their Selinux. I know, I know, "so don't use it." I won't and I just hope others would THINK before using Big Brother's software.

-----securityx-----

 

all of them is ok. different distribution is little different.

 

Hi securityx,

Why not admit that you are being just a little bit paranoid about the NSA. The fact is that as security experts go - they are right up there if not the best - and for proof you can get their Windows Security Guides here:
* Zipped Windows XP Security Configuration Guides from NSA
http://www.nsa.gov/snac/downloads_all.cfm
http://www.nsa.gov/snac/winxp/download.htm

They have done a lot of work in the research area of secure kernels, like Mach, and it stands to reason that they would not put any funny stuff in something for which the source is available. It might then be used against their methods and be subject to compromise. Not very smart if they would do such a thing unless that is part of the plan. Just ask yourself if you are you smart enough to be really secure? They know how to be secure - most of us are still trying. Then again real security may just be a figment of the imagination - I always say. Of course, it has already been said that to hide a key, what better place than to hide it in plain sight with a thousand other keys!

-- Tom

 

I wouldn't call avoiding the NSA version paranoid. Given the current events regarding them, I'd call it a source I don't trust.
Out of the other more secure Linux versions, which are free for the downloading? I've finally got this old box ready for Linux, and probably a BSD version if one will run on my hardware. How much difference is there between free and open BSD?
Rick

 

Hi herbalist,

What makes you think the other versions of Linux are more secure? If you base your trust on current events - you should attempt to understand what a trusted kernel is in security terms and make the basis of your decision on fact rather than on current events.

-- Tom

 

I agree about not using the NSA Linux distro on principle alone. I think SecurityX made it pretty clear that it was based on principle more than anything as to why he wouldn't be using it. The NSA, let's face it, IS the very epitome of Big Brother. Up until just over a decade ago, the government wouldn't even acknowledge that the agency existed. They believe that anything and everything can be justified by the current "war on terror." In light of current events, I agree with SX and herbalist. It has nothing to do with politics, it has to do with a reasonable right to privacy. That knows no politcal party.

 

That is correct, Gerard. Thank you.

-----securityx-----

 

That isn't what I said/asked, but the 2 previous posts summed it up quite well.

 

What makes a distribution of any OS, Linux or otherwise, secure? The definitive test is whether a kernel has been subjected to formal method analysis and testing. Without a secure kernel, applications have no chance to be secure.

Principle, current events, fear, emotion - can indeed play a part in any individual decision to not use any works derived from NSA - granted. It just goes to show how little is known about the real work it takes to make a secure kernel.

Here is a link, for those who might be interested in a white paper, which provides just a small snapshot of what the NSA has done to promote security in OS-land in the past on the topic of Real-Time Secure Operating System:
http://www.lynuxworks.com/products/whitepapers/secure-rtos.php3

The more we all understand about what real security actually is and what its foundation derives from, the less likely we are to being duped by others or ourselves, our fears, our emotions, our principles and current events.

-- Tom

 

Tom, I don't think you understand. First of all, I think I know what "real security actually is." Have you ever chosen not to make a purchase from a store, a vendor, etc. because their values conflict with yours? That is all I think is being said here.

You want your software from the National Security Agency? You can have it. But don't assume that those of us who choose not to awed by the "what the NSA has done to promote security" meme somehow translates into we don't know "what real security actually is."

-----securityx-----

 

What you are awed by has absolutely nothing to do with whether you can make the right decision pertaining to what constitutes a secure kernel or OS. Value based decisions are ok as far as they go, the question is - how far do they go in terms of understanding "real security". If you choose to believe the hype, more power to you - you'll need it.

The irony of it all is that whatever the values, what is in common is to be secure. All I'm calling for is a fair and impartial evaluation comparison on the basis of formal methods to determine what constitutes "real security". If it cannot pass the rigor of the mathematical scrutiny - its not worth whatever value you place on it, regardless if you believe it constitutes "real security" or not.

-- Tom

 

if you don't like the NSA and Security-Enhanced Linux you could try AppArmour in opensuse
http://en.opensuse.org/AppArmor