
How secure out of the box?

  • 29-09-2009 12:51pm
    #1
    Registered Users, Registered Users 2 Posts: 5,517 ✭✭✭


    Hi all,

    I am looking at using Linux (probably Ubuntu or Debian) in a corporate production environment to be used solely for running OSSEC (Intrusion detection system - this is the collection server for all other MS servers in the network).

    I don't have much experience with Debian but I have used it and set up an intranet web server and created a script or two.

    This server will not be publicly accessible but it will be on the same network (physically - separated via a VLAN) as some webservers which take credit card details etc. in our colocation hosting environment. This entire environment is MS based.

    My question is, how secure is the likes of Ubuntu or Debian out of the box with a strong root password?

    Is there anything else I need to be aware of from a security point of view?

    Am I mad to use Linux in this situation with not a huge amount of *nix experience?


Comments

  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    If you want it as bulletproof as possible out of the box, run it on OpenBSD. Nothing else comes close to it tbh.


  • Closed Accounts Posts: 4,564 ✭✭✭Naikon


    OpenBSD is the best solution for out of the box security
    currently in existence. Unix security is all relative to your
    habits.

    If you are compiling most apps from source, and applying
    patches and the like, it's pretty damn secure.

    Most security issues relate to users doing silly things like
    using root all the time and not following basic procedures.

    Just remember that security is a process, and can't ever
    be pushed to the side regardless of the OS you use.


  • Registered Users, Registered Users 2 Posts: 5,517 ✭✭✭axer


    Thanks guys.

    I actually have Debian installing in a virtual machine at the moment as that is the only one I have used and we already have a box here running it.

    From my understanding Debian should be secure. I was recommended CentOS by someone else but I was thinking it is better if I have some familiarity of the system already and I don't think I will be compiling anything on it (I don't even know how :o).

    Debian seems to have finished installing so will see how that goes. Am going to run an internal security scanner on it to see what that says.

    I have read that Debian does automatic updates as well which I really want.

    Do you think this will suffice?


  • Closed Accounts Posts: 12,807 ✭✭✭✭Orion


    How about Backtrack
    BackTrack is the most top rated Linux live distribution focused on penetration testing


  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    Macros42 wrote: »
    How about Backtrack

    Isn't that close to the opposite of what is needed? A CD of exploit tools?


  • Registered Users, Registered Users 2 Posts: 355 ✭✭francosp


    Solaris 10 with the Solaris Security toolkit installed would do the job for you.

    Ok, it's not exactly "out of the box" but applying the toolkit is trivial.


    We use it all the time on public facing web servers...


  • Closed Accounts Posts: 12,807 ✭✭✭✭Orion


    I misread the OP. I read it as an exploit testing server rather than a detection server. My bad :o


  • Closed Accounts Posts: 1,467 ✭✭✭bushy...


    axer wrote: »
    Thanks guys.

    I actually have Debian installing in a virtual machine at the moment as that is the only one I have used and we already have a box here running it.

    OpenBSD as a ready-to-run appliance:

    http://www.tdisecurity.com/iso/OAMP.zip

    - easy way to have a look around it, if it suits, do a fresh install


  • Registered Users, Registered Users 2 Posts: 647 ✭✭✭ArseBurger


    SELinux is also an option.

    Huge fan of *BSD - but it's good to give alternatives.


  • Registered Users, Registered Users 2 Posts: 5,517 ✭✭✭axer


    Is there anything actually wrong with me using Debian? I know everyone has their favourite flavour. Just to remind, this box is not public facing. It is on a network that does have some public facing web servers running windows.

    I would like to keep it the same as our other intranet Linux box if that is not a security risk.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    axer wrote: »
    Is there anything actually wrong with me using Debian?

    Nope.

