EvilZone
General Tech => Operating System => : proxx May 15, 2014, 01:02:41 PM
-
Ello,
So eventhough I consider myself rather familiar in the linux field and have some experience on BSD I would like to have some opinions.
Basically for a project I need a super hardend box that will expose a single port to the webs.
I know there are some distros that claim to be 'hardend' etc etc etc.
So basically I am wondering if I should go for a BSD, BSD is also questioned when it comes to security, perhaps as much as linux, opinions?
Perhaps openindiana, minix, soo many options.
Currently my thoughts go to a CentOS server install , layer 2 and 3/4 firewalling, just a single remapped SSH port exposed, private keys locked with 4086 RSA cypher, blowfish encryption.
Plus once inside the tunnel another layer of encryption.
I will be doing port forwarding over SSH which is not quite optimal when it comes to speed , especially compared to openVPN or IPSec but it is quite secure and very much on-the-fly and no need for additional routing etc.
Any thoughts or tips?
-
Not sure if it at all what you are looking for but awhile back I had built a pentest distro which had 0 "real" open ports out of the box. The only exposed ports were honeypots set up by "artillery", a linux IDS/IPS script. This of course could be changed to suit your needs.
If you are at all interested, PM me for a link to it.
Pentest distro's are something different all together.
Most 'security distros' are completely unsecure.
-
OpenBSD. Enough said. Look up the rest.
-
OpenBSD. Enough said. Look up the rest.
That is indeed one of the candidates I was looking at.
-
You might want to look into kernel hardening
Here are some helpful links
http://grsecurity.net/
https://wiki.archlinux.org/index.php/grsecurity
http://wiki.centos.org/HowTos/SELinux