[Tfug] Multiple distros for security?
Matt Jacob
matt at mattjacob.com
Fri Jan 23 10:27:51 MST 2009
On Fri, Jan 23, 2009 at 10:14 AM, Brian Murphy
<murphy+tfug at email.arizona.edu> wrote:

> Being less familiar with a distro and dividing your focus in 3
> directions is worse than locking down a single distro. Because it's

That's my feeling. All of us are familiar with Debian, but we only
have varying levels of fringe knowledge about other distros.
Obviously, I can hop on any system and do basic tasks, but for
security stuff, I prefer to stick with what I know.

> is an additional step to a secure DNS implementation. Separate your
> external facing authoritative servers (the ones in the NS records) from
> your internal-only facing recursive servers (the ones config'd in
> resolv.conf/windows control panel/DHCP).

Actually, that's what our implementation plan calls for. The recursive
servers are running dnscache and the authoritative servers are running
PowerDNS. It's a little trickier than firewalling off the recursive
servers, though. Those need to be customer-facing and
publicly-accessible.

Now it's just a matter of convincing the co-workers, but I know some
of them are TFUG members, so I'll keep my mouth shut and let the list
do the talking. :-)

Matt