Mailinglist Archive: opensuse-security (636 mails)

Re: [suse-security] [newbie:] Secure development environment
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Wed, 14 Feb 2001 12:12:30 +0100
  • Message-id: <20010214121230.J4807@xxxxxxxxx>
* Andreas Otto wrote on Tue, Feb 13, 2001 at 09:34 +0000:
> Guess I didn't express what we want to do. And for sure we have
> different understandings of the term "secure development environment".

I see. You don't want to develop security-certified software but
have a secure workplace.

> Here is what we want to do with the box:
> Since we will start a "case study" about tele-working the CVS
> repository should be reachable from the "outside world" as well as from
> within our network. Therefore I thought using SSH for connecting to
> the box might be a good idea.

Yep, SSH or VPN.

> Later we will have IBM Websphere and a DB2 Database running on the
> machine.

Probably the DB gets connected by localhost only? That's good
for firewalling, just block it :)

> So all in all it is more a Webserver but I will still try to make it
> as secure as possible. Which is as I understand a big compromise in
> terms of convenience.

I would never recommend using such a machine as a CVS server
if your sources are important. You have to think about the
possibility of a root compromise of this box if you offer a lot
of public services. Webserver or CGI or whatever may have bugs,
and SSH and all the code.

I would suggest using two hosts: one secured for development and
one publicly accessible for demonstrations (or whatever). The
developer could use a webserver only accessible by localhost (but
it's slow to use a browser via SSH X11 Forwarding :)). Maybe you
could r/o export a directory via NFS to the Webserver or similar.
Of course you should block as much as possible by the firewall in
front of the servers.



This letter was generated by machine;
it therefore bears neither signature nor seal.
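
Added example, not part of the original mail: a check for the secured development host described above, where only SSH should be reachable from the network and the web server and database listen on localhost. It assumes input in the format of Linux `ss -ltn`; the function names, the sample lines and the ports in them (22, 80, 50000, 2401, 111) are constructed for illustration.

```shell
#!/bin/sh
# Flag TCP listeners that are reachable from the network but not allow-listed.
# Input on stdin: lines in `ss -ltn` format (column 4 = local address:port).
# $1: space-separated ports allowed to listen on non-loopback addresses.
# Exit status: 0 if nothing is exposed, 1 otherwise.
audit_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "LISTEN" { next }                     # skip header and other states
        {
            laddr = $4
            port = laddr; sub(/^.*:/, "", port)     # text after the last colon
            addr = laddr; sub(/:[^:]*$/, "", addr)  # text before the last colon
            sub(/%.*$/, "", addr)                   # drop a %interface suffix
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)  # drop IPv6 brackets
            if (addr ~ /^127\./ || addr == "::1") next  # loopback only: fine
            if (!(port in ok)) { print "EXPOSED " laddr; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: SSH public, web server and DB on loopback,
# plus two services that should not be reachable from outside.
sample_listeners() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
LISTEN 0      128    127.0.0.1:80       0.0.0.0:*
LISTEN 0      128    127.0.0.1:50000    0.0.0.0:*
LISTEN 0      128    [::1]:80           [::]:*
LISTEN 0      128    0.0.0.0:2401       0.0.0.0:*
LISTEN 0      128    *:111              *:*
EOF
}

# On a live host: ss -ltn | audit_listeners "22"
sample_listeners | audit_listeners "22" || true
```

A non-zero exit status makes the function usable from cron or a deployment check; the firewall in front of the servers remains the primary control, this only catches services that bind more widely than intended.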
