Security protocol issue
 

Will using a security protocol designed for Red Hat 5 (no, not Enterprise, RH5 circa 1998) on a Fedora 14 system secure it?

I've been tasked with implementing an archaic security protocol (which includes over a 100 things one must do to secure a RH5 system) on a system with Fedora 14. I have unsuccessfully argued that this will not secure the Fedora 14 system (as I imagine there have been significant changes to the OS and how to secure it in the 10 years between RH5 and Fedora 14).

Anyhow, I wanted to know if anyone else has encountered this issue, and how they resolved it. Note: I am no Fedora 14 guru, and have little knowledge on how to secure a linux system (in general). It's just that my gut tells me using the old protocol is not the right thing to do.

What were the arguments you used?
What were the reasons that were given you in return?


What's the URI? What's it based on? Where's the documentation?


While RHL is a far cry from recent Fedora security best practices tend to evolve and adapt. The question is finding out 0) what the protocol was based on and what it offers, 1) what the system needs to be protected against and 2) the reason for wanting to implement an old version of a security protocol. Knowing #0 means knowing if you have a solid foundation to build on, knowing if #0 and #1 match means knowing if putting in any effort will be efficient and produce an end result that adheres to which rules and regulations, mindset or whatever else is used as a yardstick and knowing #2 means knowing what ammo or which strategy to use for discussing changes.
So instead of slagging it off based on what little nfo you provided, IMHO solution-wise a better question would be "what additional measures are required to ensure the system is properly hardened?" .

One thing that is possibly worth considering is that a a circa 1998 Linux would have been based upon the 2.0 kernel. Current Linux distributions are based on a long modified 2.6 or 3.x kernels. This means that in terms of security posture, many things would have evolved, exploits would have been uncovered and so forth such that it may not even be possible to secure an old system like that against current threats.

Quite obviously, everything depends upon exactly what-the-heck you (and/or your employer ...) actually means by the very-ambiguous term, "security protocol."