Needle in the haystack
Would it make sense to use a small Linux distro to increase security, not just by decreasing the attack vectors of unneeded software, but also by minimizing the amount of logs in the system? As I read before on a website, when looking for suspicious logs it is like looking for a needle in a haystack, so instead it is better to only check the "hot areas". But by only checking hot areas, could you not be missing something somewhere else in less overseen logs? And as I also read on this forum, where someone suggested that once an attacker gets past your IDS, it's too late. So because of this I was wondering that if I used a small distro, would it still be too late, as I can (I presume) more easily search for malicious activity in the system.
|
Never saw a system with too many logs. Security-wise there are logs you want to look at, and there is no "needle in haystack" situation.
|
If there's not a needle in the haystack situation, then why have I heard/read from various sources on the inter-webs that once an intruder infects your machine, then from that point, to be 100% sure, it's best to just not use that machine... I know you can clean out a machine with antivirus, but antivirus can't un-infect an already infected machine.
|
You do not "clean out the machine"; in case your box is compromised, you disconnect it from the internet and do a fresh install. Before you do that, you investigate how they got in - and yes, you look at multiple logs while investigating. Still no "needle in haystack" situation.
|
I recommend making a distro as lean as possible if you want security. Still today many of the attacks happen not so much on the kernel level but from programs and services running that are not secure.
As always learn and use as many best practices as you can. Small doesn't mean secure. Secure is a wide array of steps. Many boil down to reduce exposure. Reduce the ability of the unknown to access your system. |
Also keep in mind: just WHO are you securing it from!!! Script kiddies? A hacker group? A random drive-by install? Or the NSA/CIA/....? |
I think it's extremely hard to secure a system these days. There are just too many vectors (web drive-by, hardware firmware, 0days, bugs, dirty packets). All we can do, I guess, is to employ best practices and hope for the best.
|
And I hate guessing. Linux doesn't guess. Link please. Many eyes make all bugs shallow. Reference: http://web.mit.edu/tweilu/www/eff-ss...reatmodel.html |
Most nasties nowadays infect the Browser and that is going to happen whatever the OS behind it.
An unprotected Linux system is more dangerous than a protected Windows system and most people do not run any protection at all under Linux. It doesn't matter who you are, you will be open to disease if you perform unprotected sex. |
So how do you protect the average Linux desktop other than by not running a browser?
|