stephan beal wrote:
On Tuesday 19 September 2006 15:12, Joachim Schrod wrote:
Background: I need to upgrade the SUSE installation on my firewall which has only 128 MB memory.
If that machine is only a router/firewall, then there are better solutions out there than Suse. For example, a quick google turns up: http://www.devil-linux.org/home/index.php
This depends on many factors, as part of a risk assessment.

Distributions like Devil Linux have some technical advantages. First of all the read-only file system, but also stack smash protection, better chroot support, etc. On the other hand, the update processes and frequency have no good track record. An automated patch process doesn't even exist.

There are also non-technical factors to consider: familiarity of staff with a given Linux distribution (many handle system and service configuration slightly differently), integration in existing IT processes for other systems, duplication of work (one has to track an additional distribution for problems).

All in all, for the specific environment (no high security profile, no incoming commercial transactions) that I have here, the bigger security aspects are not sufficient to counter the process, familiarity, and integration disadvantages. We already have a SUSE configuration for such a firewall (a stripped-down minimal installation), and deem that sufficient for the task at hand. I don't want to switch from SUSE, thus my question.

Besides, if I had to switch distributions due to the increased resource demands of ZEN/rug, I would rather switch to a Debian-based system, as this integrates better with processes for other existing systems.

That's an important part of my experience: In security, good processes are more important than good tools. :-)

Best,
Joachim

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod Email: jschrod@acm.org
Roedermark, Germany