
A Secure OS For the Dalai Lama?

Posted by timothy
from the one-that-works-only-at-high-altitudes dept.
Jamyang (Greg Walton) writes "I am editor of the Infowar Monitor and co-author of the recent report, Tracking Ghostnet. I have been asked by the Office of His Holiness, the Dalai Lama (OHHDL) and the Tibetan Government in Exile (TGIE) to offer some policy recommendations in light of the ongoing targeted malware attacks directed at the Tibetan community worldwide. Some of the recommendations are relatively straightforward. For example, I will suggest that OHHDL convene an international Board of Advisers, bringing together some of the brightest minds in computer and international security to advise the Tibetans, and that the new Tibetan university stands up a Certified Ethical Hacking course. However, one of the more controversial moves being actively debated by Tibetans on the Dharamsala IT Group [DITG] list, is a mass migration of the exile community (including the government) to Linux, particularly since all of the samples of targeted malware collected exploit vulnerabilities in Windows. I would be very interested to hear Slashdot readers' opinions on this debate here." (More below.)
Jamyang continues: "Allow me to play devil's advocate for a moment here: in the short term, moving to a platform that is perhaps less familiar to the attacker provides considerable relief, but it is essentially less difficult to write exploits for Mac OS/Linux than it is for Windows, given the many anti-exploitation mechanisms Microsoft has embedded in the last years, so in the long run, if the attackers want your data, the entire move is moot. People should choose a platform based on their productivity requirements instead of purely security. Furthermore, most of the web servers broken into during these attacks (to be used as command and control servers) were not Windows, but Linux. What do you think?

(While I have the floor I'd also like to take this opportunity to plug two initiatives where Slashdot readers can directly help the Tibetan tech community, either through sharing your expertise or your cash! Firstly, one of the obstacles to migrating to Linux for a Tibetan speaker is the lack of a decent Tibetan font — can you help? Secondly, Avaaz is raising funds for projects that will help End The Blackout in Tibet, including a proposal to support the deployment of Psiphon's circumvention network. Thanks, or in Tibetan, thuk.je.che!"
  • by Skinkie (815924) on Saturday April 18, 2009 @05:46PM (#27630363) Homepage
    It is clear that if an entire community has a requirement for a certain font designing a new one is the most easy thing to do. Release it as free and you have a problem solved. Don't any Tibetan Typographers exist? So with a bit of Googling they do exist and can be found here: http://www.thdl.org/ [thdl.org]
    • Re: (Score:3, Interesting)

      by slashqwerty (1099091)
      In the same vein, Tibet has a few million people. They could get several thousand people working together to develop their own system, or barring that, put together their own Linux distro and audit every line of code. It's just a question of how seriously they take their computer security.
      • put together their own Linux distro

        Dalai Linux!

    • by belmolis (702863) <billposer@nOSpam.alum.mit.edu> on Saturday April 18, 2009 @07:05PM (#27631121) Homepage

      Actually, designing a Tibetan font is rather difficult. Tibetan letters combine in complicated ways (somewhat like Devanagari, but worse), meaning that it is either necessary to produce very sophisticated rendering software/info or necessary to create a large number of pre-combined glyphs.

      • by Kaboom13 (235759) <kaboom108@bellsFREEBSDouth.net minus bsd> on Saturday April 18, 2009 @08:59PM (#27631967)

        I know purists will hate this, but another solution would be to create a standardized way to display Tibetan without the letter combination. Just like Japanese has a more or less standardized process for displaying Japanese words in the Roman alphabet, a way to do something similar in Tibetan would be useful. Spending a ton of time modifying all western software to use advanced typography to display Tibetan "correctly" could well backfire. The end result would be the effort required would result in few programs being translated at all, and another language becoming the de facto standard for computer savvy Tibetans. That road leads to youth with minimal skills in their own cultural language.

        • Re: (Score:3, Insightful)

          by Microlith (54737)

          Just like Japanese has a more or less standardized process for displaying Japanese words in the Roman alphabet

          Mashing everything into the Roman alphabet isn't necessarily the best thing. The Japanese don't use romaji at all in any real contexts. So it's a more complex script? Make sure Unicode supports it. Update the rendering engines to handle it. No sense in forcing people to give up part of their language just to use software.

          another language becoming the de facto standard for computer savvy Tibetans

          In ca

          • by speedtux (1307149) on Sunday April 19, 2009 @02:52AM (#27634135)

            Also, changing your society to match the capabilities of some software is -always- the wrong way.

            Sorry to be so blunt, but that's bullshit. Europe made massive changes to its writing systems with the advent of new writing and printing technologies. And that was the right thing to do because it greatly increased literacy.

            Tibetan literacy rates historically have been atrocious, and even today, they are worse than many other nations. Reform and simplification of the Tibetan writing system might well be the right thing to do, and the requirements of software generally coincide with sensible simplification.

        • by sandGorgons (1528485) on Sunday April 19, 2009 @12:53AM (#27633577)
          Graphite [sil.org] is an open-source technology, designed for the specific purpose of non-Roman fonts with complex behaviors [sil.org] like contextual shaping, etc.
          Unfortunately, the default font rendering toolkit in Linux, Pango [sil.org] is not a smart-font technology.
          However, the pango-graphite [ubuntu.com] library supports the smartfont technology if fonts are authored with the appropriate tables.

          I think that people need to share their experiences with designing [sil.org] smart fonts. This way, more projects know what are their options.
        • Re: (Score:3, Insightful)

          by mellon (7048)

          It's not a question of purists. There aren't that many people in the world who read Tibetan. So you'd more likely do harm than good this way. Furthermore, Tibetan Unicode support is very good, so there's no need to redesign the type system. For instance, let's see what happens here:

          à½-à½à¾à½à¼à½à½à½¦à¼à½-à½'à½à¼à½£à½à½à½

      • by speedtux (1307149) on Sunday April 19, 2009 @02:47AM (#27634105)

        Combining letters aren't an intrinsic necessity in any language, they are an affectation and a mechanism for keeping people illiterate. European languages used to have them and got rid of them because the only purpose they serve is to restrict access to reading and writing.

        Tibetan can be written just fine in an alphabetic style. It would be prudent for the Dalai Lama to make that the standard for the Tibetan community.

    • by erroneus (253617) on Saturday April 18, 2009 @07:13PM (#27631191) Homepage

      And failing the thousands of monks having nothing better to do than to spend hours with FontForge, they could just import (read: infringe upon copyright) the fonts they like under Windows and place them into Linux.

      The original notions put forward do mirror my initial concerns when moving from Windows to Linux. Among those concerns were a good Japanese language interface and input method, good fonts and printer support. The first two were addressed with some heavy pushing in that direction with SCIM and whatever it was that came before it... then it became as good or better than Windows. The other was just opening up some man pages or simply giving it a try... turned out not to be difficult in the slightest.

      Moving to a different operating system is a seemingly daunting task to those who have never done it before and they are required, then, to think of computing in terms of what you need to do and how you might accomplish it... not something most people are accustomed to thinking about. (The same can be said about moving from Word Perfect to Microsoft Word and it was a BIG deal!)

      Moving away from Windows is simply necessary judging by the kinds of attacks described. Another option might be Deep Freeze... has that been defeated yet?

      One thing is for certain: one should not be stopped from performing a necessary task merely because it is "difficult." Just do it. If it seems impossible, give it a try anyway. But moving the religious leader and all his followers to Linux is definitely a workable thing to do.

    • by Erikderzweite (1146485) on Saturday April 18, 2009 @10:31PM (#27632613)

      It reminds me of how Bhutan's government has developed its own Debian derivative - Dzongkha Debian Linux - which supports their native language. They have made a font for it too. Costs: around $80 000. I'm sure Tibet can afford such a price.

    • by javajawa (126489) on Saturday April 18, 2009 @11:18PM (#27632931) Homepage

      Actually, there are about five free Unicode fonts that I know of for Tibetan and Dzongkha. Both Windows and Linux support these fonts, and many traditional texts have been typed in Unicode. (OSX has a small problem, from what I've heard).

      There are two produced by Chris Fynn: TibetanMachineUnicode from THDL, and Jomolhari. Both UChen fonts.

      CTRC produces four fonts (1 UChen and three Ume): CTRC-Uchen, CTRC-Tsumachu, CTRC-Betsu and CTRC-Drutsa

      Additionally, Nithartha has made a proprietary Unicode-compliant font called Sambhota.

      There are also several legacy font systems which use several font files with prestacked characters and input programs.

      This link http://www.aerifal.cx/~dalias/bodyig/fonts/ [aerifal.cx] should give plenty more examples.

  • Huh? (Score:5, Insightful)

    by khasim (1285) <brandioch.conner@gmail.com> on Saturday April 18, 2009 @05:46PM (#27630365)

    "Allow me to play devil's advocate for a moment here: in the short term, moving to a platform that is perhaps less familiar to the attacker provides considerable relief, but it is essentially less difficult to write exploits for Mac OS/Linux than it is for Windows, given the many anti-exploitation mechanisms Microsoft has embedded in the last years, so in the long run, if the attackers want your data, the entire move is moot."

    First off, yes, that is a single sentence.

    Secondly, exactly who is it who says (or can demonstrate) that cracking a Mac or Linux box is easier than a Windows box? My experience is exactly the opposite.

    • Re:Huh? (Score:5, Insightful)

      by cjfs (1253208) on Saturday April 18, 2009 @05:56PM (#27630475) Homepage Journal

      Secondly, exactly who is it who says (or can demonstrate) that cracking a Mac or Linux box is easier than a Windows box? My experience is exactly the opposite.

      The language is vague enough to be pointless. Does he mean when run by the user as root? Does he mean remote exploit vs something in the full install of ___ distro? Does he mean windows makes you click yes more times to run it?

      Now half the comments will be off-topic due to that sentence.

    • Re:Huh? (Score:5, Insightful)

      by maz2331 (1104901) on Saturday April 18, 2009 @05:58PM (#27630497)

      Especially if the sysadmins take an active role in:

      A. Customizing and minimizing the installed packages.
      B. Configuring a very restrictive set of firewall rules.
      C. Configuring a very tight SELinux policy.

      The key to Linux is to not think of it as an Operating System so much as an "OS Toolbox" that lets you build just what is needed.

    • Secondly, exactly who is it who says (or can demonstrate) that cracking a Mac or Linux box is easier than a Windows box? My experience is exactly the opposite.

      Cracking with a virus? Probably not very easy. However, I would imagine that it is much simpler to write a trojan script for *nix than for Windows (until PowerShell gains mindshare among Windows users). Education is the only defense against PEBKAC.

  • Free Tibet! (Score:5, Funny)

    by dj245 (732906) on Saturday April 18, 2009 @05:46PM (#27630367) Homepage
    With purchase of Tibet of equal or lesser value.
  • First thoughts (Score:5, Insightful)

    by FooAtWFU (699187) on Saturday April 18, 2009 @05:47PM (#27630377) Homepage

    it is essentially less difficult to write exploits for Mac OS/Linux than it is for Windows, given the many anti-exploitation mechanisms Microsoft has embedded in the last years, so in the long run, if the attackers want your data, the entire move is moot.

    As opposed to the anti-exploitation frameworks which were present in UNIX systems from the moment they were conceived? and continually updated since? You've been listening to too much Microsoft advertising if you think they're Superior. (Competitive? Maybe. Superior? Not a chance).

  • Talk to the Bhutanese Govt. They're now using a Debian variant with localised scripts for Dzongkha. Debian includes some Tibetan fonts.

    That should give you 20,000 apps to leverage :) Christian Perrier who co-ordinates some of the Debian translation work may know more.

  • by saleenS281 (859657) on Saturday April 18, 2009 @05:47PM (#27630387) Homepage
    The only exploits they're going to discover are windows exploits. I hope you've made them well aware exploits exist for every platform, and if someone is directly targeting them rather than just being hit by run-of-the-mill worms, they're going to get in. You should focus your efforts on limiting the amount of damage someone can do once they do get in.
  • by multipartmixed (163409) on Saturday April 18, 2009 @05:55PM (#27630469) Homepage

    If *I* was in charge of the DL's computer, I wouldn't put on *only* Linux or *only* Windows or what have you. I think the DL needs a multiboot machine, and would really appreciate it if you tried to make him one with everything.

  • by 7Ghent (115876) on Saturday April 18, 2009 @05:57PM (#27630493) Homepage

    http://paranoidlinux.org/ is a project to create a distribution which assumes the user is under assault from the government. Right now, it's a vaguely locked down version of Ubuntu, but someday this might be pretty cool.

    In the meantime, just run NetBSD and full-disk encryption.

    From Wikipedia:
    NetBSD provides various features in the security area. The Kernel Authorization framework (or Kauth) is a subsystem managing all authorization requests inside the kernel, and used as system-wide security policy. It allows external modules to plug-in the authorization process. NetBSD also incorporates exploit mitigation features, ASLR, MPROTECT and Segvguard from PaX project, and GCC Stack Smashing Protection (SSP, or also known as ProPolice) compiler extensions. The Verified Executables (or Veriexec) is an in-kernel file integrity subsystem in NetBSD. It allows the user to set the digital fingerprints (hashes) of files in the system to monitor by the Veriexec, and prevent the execution of them. For example, one can allow Perl to run only scripts that match the fingerprints. The cryptographic device driver (CGD) provides functionality which allows using the disks or partitions (including CDs and DVDs) for encrypted storage in NetBSD.

    • I am a NetBSD user myself, and this is probably what I would suggest too. But NetBSD is designed towards portability ahead of other requirements. OpenBSD is more targeted at security. Is it possible that OpenBSD would be a better choice in this instance?
    • Re: (Score:3, Insightful)

      by AnalPerfume (1356177)
      The sarcastic response would be "try Red Flag Linux" but the serious response would be to look at a fully open *nix variant such as Debian, or one of the BSDs. I'm not familiar with any of the BSDs but I'm aware that security is a high priority with them. My reluctance with BSD is the lack of "rich entertainment" (for want of a better description) applications easily installable, which won't be an issue (I'd imagine) for the needs of the Dalai Lama.

      For the BSD fans, this is NOT meant to flame, just to point
      • by MichaelSmith (789609) on Saturday April 18, 2009 @07:12PM (#27631185) Homepage Journal

        My reluctance with BSD is the lack of "rich entertainment"

        I use NetBSD on my servers and some workstations. The lack of a rich environment is a defence against PEBKAC. The problem is selling it to the users.

        Done properly, the users would need to specify up front exactly what they want their system to do, so that a solution could be designed from those requirements. A lot of the time these days, secure communication is a prime requirement and BSD can certainly provide that.

      • Re: (Score:3, Interesting)

        by Artemis3 (85734)

        By "rich entertainment" you mean the proprietary stuff owners of the code can't be bothered to compile for different platforms? But we are talking security here, the least you want is to add -who knows what it does on your back- black boxes known as proprietary software.

        Mp3 is no problem as there is plenty of free software for it (being a patented format is an entirely different matter). Same with many other media formats (xvid, x264, etc).

        I think in your experience with *bsds, you didn't try the ports syst

  • by voss (52565) on Saturday April 18, 2009 @06:05PM (#27630563)

    Not encryption or top secret stuff.

    Any of the major Linux distros should work fine. Unicode Tibetan is supported.

  • by funkapus (80229) on Saturday April 18, 2009 @06:10PM (#27630631) Homepage

    First of all, converting the Dalai Lama to Linux is about the coolest IT project I've ever heard of, so congratulations.

    That aside, there are practical considerations and there are philosophical ones you'll want to consider. Practically speaking, no platform is 100% secure. Linux has historically been more secure than Windows. MS has made a lot of progress in the last decade or so.

    The question is, do you prefer the closed-source approach or the open-source one? Would you rather the problems be hidden away, or laid out for all to find? In the closed-source scenario, knowledge of exploits may be less common, but that cuts two ways. Fewer attackers will be aware of an exploit, but fewer defenders will be aware of it as well. That may well result in the exploits that do occur being much more severe.

    Beyond those practical considerations, which approach fits better with the values of the Tibetan community and the Dalai Lama in particular? In my mind, open source is the embodiment of non-attachment.

  • by armer (533337) <glenn@vander@veer.gmail@com> on Saturday April 18, 2009 @06:11PM (#27630639)
    I am Suleman , IT Manager of Zenith Bank, Lagos, Nigeria. I have urgent and very confidential business proposition for you. On June 6, 1997, a Foreign IT consultant/contractor with the Nigerian National IT Corporation, Mr. Barry Kelly made a numbered time (Fixed) request for twelve calendar months, for a secure OS. Upon maturity, I sent a routine notification to his forwarding address but got no reply. After a month, we sent a reminder and finally we discovered from his contract employers, the Nigerian National IT Corporation that Mr. Barry Kelly died from an automobile accident. On further investigation, I found out that he died without making a WILL, and all attempts to trace his next of kin was fruitless. I therefore made further investigation and discovered that Mr. Barry Kelly did not declare any kin or relations in all his official documents, including his Bank Deposit paperwork in my Bank. This sum of US$26,500,000.00 has carefully been moved out of my bank to a security company for safe-keeping. Consequently, my proposal is that I will like you as an Foreigner to stand in as the owner of the money I deposited it in a security company in two trunk boxes though the security company does not know the contents of the boxes as I tagged them to be photographic materials for export. This is simple. I will like you to provide immediately your full names and address so that the Attorney will prepare the necessary documents which will put you in place as the as the owner of the boxes. The money will be moved out for us to share in the ratio of 60% for me and 40% for you. There is no risk at all as all the paperworks for this transaction will be done by the Attorney and this will guarantees the successful execution of this transaction. If you are interested, please reply immediately via my email address.And also send your Telephone and fax numbers so that we can have a smooth communication. 
    Upon your response, I shall then provide you with more details and relevant documents that will help you understand the transaction. Awaiting your urgent reply via my email. PLS REPLY TO MY PRAVATE BOX suleman775@mailsurf.com Thanks and regards. Dr.Suleman .
  • Bias (Score:5, Insightful)

    by Tubal-Cain (1289912) on Saturday April 18, 2009 @06:11PM (#27630651) Journal

    A Secure OS For the Dalai Lama?

    I have absolutely no idea what Slashdot will say to a question like that.

  • Not only the DL (Score:2, Informative)

    by DeltaQH (717204)
    Also the German government would be interested.
    A very similar penetration was detected on IT infrastructure of several German govt. agencies not long ago.
    Lots of internal information were uploaded to the internet before it was detected and stopped.

    And the trail seemed to lead... you know where.
  • by heybuddy (1494711) on Saturday April 18, 2009 @06:19PM (#27630729)
    Apparently this Vista [slashdot.org] thing is the most secure os on the planet.
  • Mac OS X or openBSD (Score:3, Interesting)

    by zerobeat (628744) on Saturday April 18, 2009 @06:22PM (#27630757) Homepage
    Mac OSX might be more secure than Windows and may be easier for non-technical people (if the TGIE is lacking expertise) to get up and running. Alternatively, use OpenBSD - quite hard to get fully functional, but the expertise to get it there means anyone who does should have requisite skills to keep the Tibetan Government safe from certain foreign governments. Also, you may find the OpenBSD people will gladly help with this political agenda. Z/
  • Something that helps (Score:5, Interesting)

    by DeltaQH (717204) on Saturday April 18, 2009 @06:24PM (#27630775)
    Boot always from trusted, read-only media, like a CD/DVD or locked USB thumb drive.

    Media should contain not only the OS but applications in a trusted configuration. No updates allowed from outside trusted entities.

    Use only boot media provided by a trusted entity.

    Maybe also use something like Tripwire to detect change in the OS/applications files checking changes by comparing sensitive file

    Full encryption on sensitive data/drives.
  • by belmolis (702863) <billposer@nOSpam.alum.mit.edu> on Saturday April 18, 2009 @06:26PM (#27630781) Homepage

    The obvious solution is Yellow Hat GNU/Linux [stallman.org].

    Seriously, this is a great project. Surely the appropriate solution is a version of either GNU/Linux, such as SELinux, or OpenBSD [openbsd.org]. No system is entirely secure, but the idea that MS Windows could be as secure as GNU/Linux or BSD is wild.

  • Diversify! (Score:3, Insightful)

    by uffe_nordholm (1187961) on Saturday April 18, 2009 @06:30PM (#27630821)
    If it were up to me to decide, I would go for the broadest possible range of OSes: Windows, Mac, Linux, Unix, BSD, BeOS....

    The reason is simple: if an outside attacker can't predict what they will meet, it's much harder to get in.

    And if you can get the various OSes to masquerade as each other when replying to outside queries, so much the better: an attacker could be trying to use known Mac vulnerabilities to enter a machine that from the outside looks and behaves like a Mac, but actually runs Windows or Linux.
  • fonts? (Score:3, Informative)

    by belmolis (702863) <billposer@nOSpam.alum.mit.edu> on Saturday April 18, 2009 @06:38PM (#27630869) Homepage

    I'm a little surprised to hear that there is no good Tibetan font. Here is a list of Unicode-encoded Tibetan fonts [alanwood.net], mostly both free and libre. Do none of them meet the need?

    • Re: (Score:3, Informative)

      by zmrow (1516737)

      I'm a little surprised to hear that there is no good Tibetan font. Here is a list of Unicode-encoded Tibetan fonts [alanwood.net], mostly both free and libre. Do none of them meet the need?

      I agree-- It appears they are possibly misinformed about fonts. There are at least 2 very good True Type Unicode Tibetan fonts-- "Tibetan Machine Unicode" and "Jomolhari", both of which are more attractive, as well as more advanced in their development than Microsoft's "Himalaya" font.

  • by Aurisor (932566) on Saturday April 18, 2009 @06:41PM (#27630907) Homepage

    it is essentially less difficult to write exploits for Mac OS/Linux than it is for Windows

    Why would it be more difficult to "write" (aka implement) exploits for one operating system than another? You should be worried about how hard it is to find exploits and how quickly they're fixed.

    Assuming for the moment all you care about is the actual security of your software (excluding implementation details, mis-configurations, etc), the real metric you want to be looking at is the frequency of discovery of serious vulnerabilities and the span of time from first (non-public) discovery (which may not be knowable) and the appearance of a patch you could use. Looking merely at "remote root exploits / year" and "mean time to patch remote root exploit" might not be a bad place to start.

    Also, you need to think about the actual design of the operating systems in question. Without tipping my hand too much, some might say that the Unix user/superuser distinction is something Microsoft could learn from.

    That being said, though, I'll tell you my opinions.

    NetBSD has one of the best track records in the industry with regards to server security. The security of *nix, in general, scales directly with the intelligence of the people managing it. You can get decently far with Windows and just doing things 'by the book,' but it's got all the typical problems of monoculture and a well-deserved poor reputation.

    A group of very intelligent, very technical network admins are nearly unstoppable given Linux and sufficient control. A group of very intelligent people can probably make do with Windows too. Windows configured by average people may in some cases be better than Linux configured by average people.

    In any event, just from reading your question, I doubt you are technical enough to undertake this at a nuts-and-bolts level. You kind of came here asking "Is Linux or Windows more secure?" You bet your ass I have an opinion on the matter, but the problem is, so does everyone else. You need to find highly intelligent people, and then use your common sense and analytical thinking to weigh their arguments. In short, stop thinking as if the answer to your question would provide security; find smart people experienced in securing things and then evaluate the tools (operating systems) as they relate to your immediate ends.

  • Red Flag (Score:5, Funny)

    by McGiraf (196030) on Saturday April 18, 2009 @06:53PM (#27631011) Homepage

    Red Flag Linux ? ;)

  • by anomnomnomymous (1321267) on Saturday April 18, 2009 @07:05PM (#27631123)
    Now let me do a bit of that myself too, since I think that it's unjust that each time the Dalai Lama is mentioned, people think he's all for justice.
    For a bit more balance in the whole story, have a look at this video [youtube.com].
    Anyone willing to debunk this, you're welcome; As I still have quite a quarrel with each time the Dalai Lama gets mentioned as some sort of Saint.

    (This does not reflect my opinion on the whole Tibet/China debacle; I think that's as bad as it is)
  • by SerpentMage (13390) <ChristianHGross&yahoo,ca> on Saturday April 18, 2009 @07:08PM (#27631153)

    The problem here is probably one of process and not operating system.

    One of the ways that I manage my systems is to create a zone where hackers may go, and not go.

    For example, I use a good firewall. That firewall is allowed to communicate to another firewall. Between the two firewalls is my take down zone. This means if they happen to break through the firewall all they will get are servers that can be taken down anyways.

    These take down servers are virtual machine based. So if a machine goes down, who shives a ghit because you just shut down the VM, copy the old one and restart it.

    The second firewall is a non entry firewall. That means there is absolutely no way at all to get through it from the outside. Only those behind the second firewall may communicate outside. And if I need to communicate to a trusted source outside the first firewall I setup a VPN server between the two firewalls. If somebody manages to hack that VPN server, you just take it down, setup new keys, restart and away you go.

    By not allowing any communication into the second firewall you stop outside hackers. Then to allow communications from the inside to the outside you setup proxy servers that are trusted to communicate to the outside. Only those proxy servers may communicate with the outside world. Without those proxy servers the inside users are cut off, but you have created a wall where you can control the entries and exits.

    • by Creepy Crawler (680178) on Saturday April 18, 2009 @09:19PM (#27632103)

      ---One of the ways that I manage my systems is to create a zone where hackers may go, and not go.

      The only way to guarantee that is by an air gap. If data can travel in both directions, it can gone to.

      ---For example, I use a good firewall. That firewall is allowed to communicate to another firewall. Between the two firewalls is my take down zone. This means if they happen to break through the firewall all they will get are servers that can be taken down anyways.

      ---These take down servers are virtual machine based. So if a machine goes down, who shives a ghit because you just shut down the VM, copy the old one and restart it.

      Let's assume what you say is correct. First, what protections do you have vs the hypervisor running the VMs? How do you prevent starvation of resources by de-fragmenting ill-formed packets? If you don't "correct broken packets", then what prevents a fragrouter-like attack right through your network?

      As per your answer of shutting down and reloading, that is not an answer to bad rules that can almost never work, for they will persist until you fix them. Then, when you bring them up, they will be hopped over again.

      (trimmed gobbledegook about unhackable firewalls)

      You can think that you have an unhackable setup. Fine. Perhaps you will investigate what I said, and might take action to test what I claim. But aside that you are probably just as vulnerable as the rest. All that has to really be done is your border router feed bad updates to machines requesting OS updates. Of course, crypto signatures will catch that they don't sign, but that's where we use old packages with known vulnerabilities. I'm sure in your course of duty you don't check the package date, nor do most update programs. Or, perhaps something's watching for passwords on your external firewall. There's a nice tool called dsniff that does just that.

      In the real world, if you want an unhackable network, you build the network with no external connections. It's as simple as that. The military understands that. Power companies understand that. Industrial control designers understand that. If you want to have a facade that you somehow can super-firewall so that no hacker can get in, so be it. Whatever you put on the internet can potentially end up everywhere. Just look at Wolverine Workprint or multitudes of sex tapes or other media. I'm sure there's some Presidential Helicopter schematics going around in Islamic areas right now, according to my sources.
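
The replay described in the comment above (validly signed but outdated packages served to an updater that never looks at dates) is caught by a freshness check on the signed repository metadata. This is an added example, not part of the original thread: the `Date` and `Valid-Until` field names follow APT's Release file, while the sample text and function names are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: header of an APT-style Release file (values are made up).
SAMPLE_RELEASE = """\
Origin: ExampleDistro
Suite: stable
Date: Sat, 11 Apr 2009 08:00:00 UTC
Valid-Until: Sat, 18 Apr 2009 08:00:00 UTC
"""

def parse_fields(text):
    """Return the 'Key: value' header fields of the metadata as a dict."""
    fields = {}
    for line in text.splitlines():
        if line.startswith(" ") or ":" not in line:
            continue  # continuation line (hash list) or blank: not a header
        key, value = line.split(":", 1)
        fields[key.strip()] = value.strip()
    return fields

def _when(value):
    """Parse an RFC 2822 style timestamp; treat a missing zone as UTC."""
    parsed = parsedate_to_datetime(value)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def freshness_problems(release_text, now, last_accepted=None):
    """List reasons to distrust metadata whose signature already verified.

    now           -- current time (timezone-aware)
    last_accepted -- Date of the newest metadata this client accepted before
    """
    fields = parse_fields(release_text)
    if "Date" not in fields:
        return ["missing-date"]
    problems = []
    issued = _when(fields["Date"])
    if issued > now:
        problems.append("dated-in-future")
    if last_accepted is not None and issued < last_accepted:
        problems.append("rollback")   # older than what we already trusted
    if "Valid-Until" not in fields:
        problems.append("no-expiry")  # a stale copy could be replayed forever
    elif now > _when(fields["Valid-Until"]):
        problems.append("expired")    # frozen or replayed old metadata
    return problems
```

A signature check alone passes all four inputs; only the stored `last_accepted` value and the expiry field distinguish a current repository from a replayed one.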

  • by dangitman (862676) on Saturday April 18, 2009 @07:34PM (#27631387)
    His Holiness merely needs to look inside his heart, and ask himself; "What is the sound of one server booting?" and then he will know the answer to which platform he should choose. Personally, I think he should go with Amiga. After all, Guru Meditation is what the Lama is all about.
  • BEOS (Score:3, Insightful)

    by syousef (465911) on Saturday April 18, 2009 @07:52PM (#27631513) Journal

    Hardly any exploits at all.

    Oh you wanted a USABLE OS? Well you'll need to tell me what it's going to be used for.

  • I smell bacon! (Score:4, Insightful)

    by Dreadneck (982170) on Saturday April 18, 2009 @08:15PM (#27631673)

    This entire article smells like flamebait to me. I'm going to sit back and watch it burn.

  • by StormReaver (59959) on Saturday April 18, 2009 @10:27PM (#27632587)

    The first thing you need to determine is just how secure you want your Linux to be, how much control you want, and how much expertise you can muster to implement those security policies. If you want total control and have a staff with high technical expertise, then you may want to go with Linux From Scratch [linuxfromscratch.org]. You'll have total control (and total responsibility) for everything, but it's going to require a lot of work.

    On the other end are (K)ubuntu, PCLinuxOS, Mandriva, and other easy-to-use Linux distributions. Setup and maintenance are very easy, but they are managed outside of your direct control. You can always boot from read-only media or run the system (slowly) from CD or DVD, though. Outside of creating your own operating system and applications, though, you're probably going to have to compromise on total control. In that case, any of these distributions are more or less on equal security footing; all of them are good choices.

    How paranoid you are will go a long way towards deciding which distribution you want to use.

  • by gzipped_tar (1151931) on Saturday April 18, 2009 @10:45PM (#27632737) Journal

    yum install tibetan-machine-uni-fonts

    Of course you may hate YUM but the package is available for other distros as well. Even if you are using Windows (download the font from the url: http://www.thlib.org/tools/#wiki=/access/wiki/site/26a34146-33a6-48ce-001e-f16ce7908a6a/tibetan%20machine%20uni.html [thlib.org])

  • by gd (86983) on Sunday April 19, 2009 @01:28AM (#27633789)

    ... you need to choose a competent admin. Remember, security is a process, not a product ...

  • by obarthelemy (160321) on Sunday April 19, 2009 @01:49AM (#27633891)

    It's not about the OS. I've had Windows servers remain safe for years, and Linux servers be subverted in days.

    Security is an eco-system, not an OS, for example:
    - granting and removing access rights, in a very conservative and up-to-date manner
    - keeping an audit trail of every access
    - locking confidential info so it never gets onto a laptop's HD
    - having backups
    - securing every cog and wheel of the system: client PCs, routers, servers, backups, admin stations...
    - locking down the weakest point: users (weak passwords, copied files, printouts, espionage...)
    - and many more issues.

    In the big picture, the OS is fairly irrelevant. It's only a very small part of the whole system. The whole "we need to be safe - let's switch to Linux" is wrong and shows a tremendous lack of understanding of the issues.

  • by joe 155 (937621) on Sunday April 19, 2009 @05:22AM (#27634767) Journal
    What I would try to convince the people you are working with of is that security is a continuum running from almost totally secure to almost completely insecure (to the extent that there is such a thing), so in reality pretty much no OS will be completely secure. What is interesting, I think, is that usability is inversely related to security. If you imagine an OS which wouldn't allow you to write to the disk and wouldn't allow you on the internet, you can imagine that when security is that high you'll get almost no usability.

    With that in mind I would advocate trading a lot of usability for security - you could have an encrypted disk and run a terminal with something like nano and lynx installed - this would be pretty damn secure especially if you were running it on fairly secure hardware (did Intel ever fix the security issue that Theo de Raadt was talking about in the Core 2s?) with something like OpenBSD as the core. This, I think, would allow you (after some modifications) to allow pretty robust security. A downside though is that I'm pretty sure you might be compelled to run in English as I'm not sure how good the language support is for this sort of thing (with no GUI I can't imagine it would be great). Even so, I think if your data security is important (and let's face it, in this situation it probably is) then the trade-off might be worthwhile.

    Of course, perhaps the more gaping hole in security is the user themselves, who could always reveal all the information they had to anyone... XKCD said it better - http://xkcd.com/538/ [xkcd.com]
