Sorry, close but no cigar. Your sources are all excellent and still very good, but they are all based on a system that tries to limit what users can do. Would it not be better to use an approach that said no to everything, except what you granted permissions to. This is indeed a shameless plug for our product, but Trustifier is the Linux answer to MS fud and all manners of articles such as this one.

You can bolt down any Linux server with a new technology, called Trustifier Security Engine, which is a kernel level policy enforcer.

You can load Trustifier on a running Linux box and configure it in minutes. It converts the o/s into a trusted operating system,complete with mandatory access controls and fine grain auditing of all system users. It provides a layer of core security that protects against all internal and external attacks, all o/s and application layer vulnerabilities. It features the next evolution in intrusion counter-measures.

Googgle Trustifier and see for yourself. There are a couple of pdfs on the site including a white paper. Then tell me that the Linux kernel can not be made secure.



[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/296/30390#30390