The most secure Linux distribution

Discussion in 'other software & services' started by xouy, May 19, 2006.

Thread Status:
Not open for further replies.
  1. xouy

    xouy Registered Member

    Joined:
    May 18, 2006
    Posts:
    4
    Hello!
    I want to use a graphical OS based on Linux that provides the highest security
    What would you advise me to use? (RedHat, Fedora, Ubuntu, Mandriva …)
    Many Thanks
     
  2. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I suppose if you're talking ultimate security, a LiveCD distro would be better than anything installed on your drive. I love Ubunto.
     
  3. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    I would advise you using OpenBSD, not Linux. Just my 2 cents.
     
  4. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    I agree, or FreeBSD !

    But anyway, alle Unix/Linux versions or (or better al OS-es)
    are safer then any Windows version.
     
  5. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
  6. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    If you go Linux I would recommend Fedora as the most secure one at the moment (because of SELinux and it's firewall). For top-security you could take a look at the BSD variants.
     
  7. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Agree, or you could (not recommended) try to get gentoo working than disable a bunch of stuff. But that is why I prefer openbsd, with the secure by default approach and proactive instead of reactive.

    Alphalutra1
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
  9. securityx

    securityx Registered Member

    Joined:
    Dec 1, 2005
    Posts:
    149
    On principle alone, I would never use Selinux. The National Security Agency is the last place I would go looking for "secure" software, open-source or not. Like I said, on principle alone the NSA can keep their Selinux. I know, I know, "so don't use it." I won't and I just hope others would THINK before using Big Brother's software.

    -----securityx-----
     
  10. xincentre

    xincentre Registered Member

    Joined:
    May 17, 2006
    Posts:
    8
    all of them is ok. different distribution is little different.
     
  11. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    Hi securityx,

    Why not admit that you are being just a little bit paranoid about the NSA. The fact is that as security experts go - they are right up there if not the best - and for proof you can get their Windows Security Guides here:
    * Zipped Windows XP Security Configuration Guides from NSA
    http://www.nsa.gov/snac/downloads_all.cfm
    http://www.nsa.gov/snac/winxp/download.htm

    They have done a lot of work in the research area of secure kernels, like Mach, and it stands to reason that they would not put any funny stuff in something for which the source is available. It might then be used against their methods and be subject to compromise. Not very smart if they would do such a thing unless that is part of the plan. Just ask yourself if you are you smart enough to be really secure? They know how to be secure - most of us are still trying. Then again real security may just be a figment of the imagination - I always say. Of course, it has already been said that to hide a key, what better place than to hide it in plain sight with a thousand other keys!

    -- Tom
     
  12. herbalist

    herbalist Guest

    I wouldn't call avoiding the NSA version paranoid. Given the current events regarding them, I'd call it a source I don't trust.
    Out of the other more secure Linux versions, which are free for the downloading? I've finally got this old box ready for Linux, and probably a BSD version if one will run on my hardware. How much difference is there between free and open BSD?
    Rick
     
  13. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    Hi herbalist,

    What makes you think the other versions of Linux are more secure? If you base your trust on current events - you should attempt to understand what a trusted kernel is in security terms and make the basis of your decision on fact rather than on current events.

    -- Tom
     
  14. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I agree about not using the NSA Linux distro on principle alone. I think SecurityX made it pretty clear that it was based on principle more than anything as to why he wouldn't be using it. The NSA, let's face it, IS the very epitome of Big Brother. Up until just over a decade ago, the government wouldn't even acknowledge that the agency existed. They believe that anything and everything can be justified by the current "war on terror." In light of current events, I agree with SX and herbalist. It has nothing to do with politics, it has to do with a reasonable right to privacy. That knows no politcal party.
     
  15. securityx

    securityx Registered Member

    Joined:
    Dec 1, 2005
    Posts:
    149
    That is correct, Gerard. Thank you.

    -----securityx-----
     
  16. herbalist

    herbalist Guest

    That isn't what I said/asked, but the 2 previous posts summed it up quite well.
     
  17. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    What makes a distribution of any OS, Linux or otherwise, secure? The definitive test is whether a kernel has been subjected to formal method analysis and testing. Without a secure kernel, applications have no chance to be secure.

    Principle, current events, fear, emotion - can indeed play a part in any individual decision to not use any works derived from NSA - granted. It just goes to show how little is known about the real work it takes to make a secure kernel.

    Here is a link, for those who might be interested in a white paper, which provides just a small snapshot of what the NSA has done to promote security in OS-land in the past on the topic of Real-Time Secure Operating System:
    http://www.lynuxworks.com/products/whitepapers/secure-rtos.php3

    The more we all understand about what real security actually is and what its foundation derives from, the less likely we are to being duped by others or ourselves, our fears, our emotions, our principles and current events.

    -- Tom
     
  18. securityx

    securityx Registered Member

    Joined:
    Dec 1, 2005
    Posts:
    149
    Tom, I don't think you understand. First of all, I think I know what "real security actually is." Have you ever chosen not to make a purchase from a store, a vendor, etc. because their values conflict with yours? That is all I think is being said here.

    You want your software from the National Security Agency? You can have it. But don't assume that those of us who choose not to awed by the "what the NSA has done to promote security" meme somehow translates into we don't know "what real security actually is."

    -----securityx-----
     
  19. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    What you are awed by has absolutely nothing to do with whether you can make the right decision pertaining to what constitutes a secure kernel or OS. Value based decisions are ok as far as they go, the question is - how far do they go in terms of understanding "real security". If you choose to believe the hype, more power to you - you'll need it.

    The irony of it all is that whatever the values, what is in common is to be secure. All I'm calling for is a fair and impartial evaluation comparison on the basis of formal methods to determine what constitutes "real security". If it cannot pass the rigor of the mathematical scrutiny - its not worth whatever value you place on it, regardless if you believe it constitutes "real security" or not.

    -- Tom
     
  20. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
Loading...
Thread Status:
Not open for further replies.