Quote:
Originally Posted by Ubunoob001
... I am interested in learning about network security, intrusion detection, system logging, firewall logging etc.
That's already a wide range of subjects... not that I am suggesting that it is in any way bad to want to learn a wide range of subjects, just that you may want to focus on a smaller number to start.
Quote:
And as a project I would like to work on creating a desktop box as secure as possible,
A laudable aim, even if you don't want to learn more about security.
Quote:
Question 1. Is there a good linux distro that is designed for security?
Before I even answer that, I'd say it, or what it implies, isn't a single question, and doesn't get a single answer.
If you mean, what distro of linux (and you may not want to dismiss the BSDs either, but just to keep the discussion simple, I'll stick to Linuxes) is designed to be secure, then I'd suggest that there isn't much difference in what they can do. Some are slightly better set up by default, but it is unclear whether suggesting something better set up by default is doing anything other than depriving you of the chance to learn?
OTOH, you may mean the other side of the equation, something like penetration testing. There are pen testing and security tools distros, and they are a convenience, but the reason that they are a convenience is that they collect a number of tools in one place. If you were a 'hacker' maybe you'd take the attitude <Comedy French accent> I spit on your lousy pern tursting distro and I build my earn</Comedy French accent>; having a distro for this only provides you with an easy-to-carry, all-in-one-place CD/DVD. Beyond that, it's the tools...
Quote:
Note: I know people often say "the distro doesn't matter, it only matters how you configure it."
No, it is also the tools. If you don't learn the tools and know which tool is good for what purpose, you can't use them. Which distro gives you the tools that you don't know how to use doesn't matter because you still don't know how to use them.
As a concrete suggestion, I would suggest that you get a copy of wireshark (or similar), look at what is going on on your network and try to prepare for a test: if someone were to ask you what any packet on your network was doing, could you explain in detail what any packet was about? (This is a good, general-purpose networking exercise and doesn't directly have anything to do with security, but trying to learn about security without a solid understanding of networking, when dealing with networked computers, is a bit of a waste of time. You may have to do this sometime when the network is quiet-ish at first to avoid being overwhelmed.)
Another fun thing to do is to grab a pdf of the iptables documentation at frozentux and read through all of that (due diligence warning: it is a long document, not hard to read, but there really are several pages; set aside some time for this).
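The "explain any packet on your network" exercise above, as an added example that is not part of the original post: a minimal dissector that walks an Ethernet II frame through the IPv4 and TCP/UDP headers the way Wireshark's detail pane does, so you can check your own reading of each field against the bytes. The sample frame, its addresses and ports are constructed for the example, not captured from a real network.

```python
import struct

# Constructed sample frame, not captured from any real network: Ethernet II
# carrying an IPv4/TCP SYN from 192.168.1.10:40000 to 192.168.1.1:22 (ssh).
# Addresses, ports and the zeroed checksums are made-up example values.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"            # dst MAC, src MAC, IPv4
    "4500" "0028" "1234" "4000" "40" "06" "0000"    # IPv4: len 40, DF, TTL 64, TCP
    "c0a8010a" "c0a80101"                          # 192.168.1.10 -> 192.168.1.1
    "9c40" "0016" "00000001" "00000000"            # ports 40000 -> 22, seq, ack
    "5002" "ffff" "0000" "0000"                    # offset 5, SYN, window, csum, urg
)

TCP_FLAGS = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20))

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ipv4(b): return ".".join(str(x) for x in b)

def parse_frame(frame: bytes) -> dict:
    """Dissect Ethernet II -> IPv4 -> TCP/UDP headers into a flat dict.
    Anything it does not understand is reported by number, never guessed."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"eth_dst": mac(dst), "eth_src": mac(src), "ethertype": ethertype}
    if ethertype != 0x0800:
        return info                                 # not IPv4: stop at layer 2
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, flags_frag, ttl,
     proto, _csum, s, d) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("malformed IPv4 header")   # bad version, IHL or length
    info.update(ip_src=ipv4(s), ip_dst=ipv4(d), ip_ttl=ttl, ip_proto=proto,
                ip_dont_fragment=bool(flags_frag & 0x4000))
    l4 = ip[ihl:total_len]                          # bound by total_len, not the frame
    if proto == 6 and len(l4) >= 20:                # TCP
        sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", l4[:16])
        info.update(tcp_sport=sport, tcp_dport=dport, tcp_seq=seq, tcp_ack=ack,
                    tcp_window=win, tcp_hdr_len=(off_flags >> 12) * 4,
                    tcp_flags=[n for n, bit in TCP_FLAGS if off_flags & bit])
    elif proto == 17 and len(l4) >= 8:              # UDP
        sport, dport, length, _csum = struct.unpack("!HHHH", l4[:8])
        info.update(udp_sport=sport, udp_dport=dport, udp_len=length)
    return info
```

Feed it the raw bytes of one frame exported from a capture and compare its output field by field with the capture tool's decode; the ValueError paths are where truncated or malformed headers, which a real network does produce, are refused rather than misread.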