no 'commodity' OS is 'secure' Re: [Beowulf] Which distro for the cluster?
Gerry Creager N5JXS
gerry.creager at tamu.edu
Wed Jan 10 10:22:40 EST 2007
Just to whine a bit for the sake of accuracy, the C-130 isn't a piston
aircraft and never has been. It's a turboprop... a turbine-powered
aircraft where the shaft drives a propeller.
Your first three points are good ones, though.
Mike Davis wrote:
> 1. Any OS can be made more secure.
> 2. Good Security is "Security in depth."
> 3. The perfect is the enemy of the "good enough."
> I would note that turbocharged piston engine aircraft are still in use
> militarily, commercially, and recreationally. One of the reasons for the
> fact that the C-130 is approaching an operational life of 50 years is
> that it can do things that C-141's, C5's, and C-20's can't. The same is
> true for linux and even (Ugh) windows.
> The only secure computer is the one in the vault, with dedicated power
> and its HD stored in a safe when not in use. This is not the most
> practical approach for either a business or a research institution. So,
> we design for security at the border, subnet, and host levels. We test
> and audit. We monitor, we mirror data online and on tape. We do many
> other things as well. This is one of the things that admins get paid for.
> Now, if the question is "can I compromise one of the systems?", the
> answer is yes. I've been using unix for more than 20 years and used
> mainframes and minis before that. Some of the same methods used to gain
> mainframe access will still work with a few modifications. But,.my
> abilities do not inherently make these systems insecure.
> Mike Davis
> Andrew Piskorski wrote:
>> On Sun, Jan 07, 2007 at 03:49:50PM -0500, Robert G. Brown wrote:
>>> I completely agree with this. As I pointed out earlier in the thread,
>>> companies such as banks make "conservative" seem downright radical when
>>> it comes to OS upgrades. They have to do a complete, thorough,
>>> comprehensive security audit to change ANYTHING on their machines -- as
>>> a requirement in federal law, IIRC. To get them to take you seriously,
>>> you MUST be prepared to support the OS they install on (once it is
>>> successfully audited) forever -- until the hardware itself falls apart
>>> into itty-bitty bits.
>> And yet these same hyper-'secure' organizations are running Microsoft
>> Windows, Linux, and/or Unix on these super important, super 'secure',
>> mission-critical boxes? Frankly, that's oxymoronic. It sounds
>> suspiciously like decision making driven by what the rules and
>> paperwork says you're supposed to do (aka, CYA), and/or general
>> myopia, rather than a sound assessment of what the right solution to
>> the real problem actually is.
>> We all know that Windows is (much) less secure than Linux, and Linux
>> is presumably less secure than OpenBSD. But if you take a step back
>> and look at the bigger picture, OpenBSD and MS Windows are both in the
>> same bin, and that bin is labeled, "inherently unreliable and insecure
>> operating systems".
>> OpenBSD calls itself "ultra-secure", which is like calling the most
>> advanced World War II piston-engined fighter planes "ultra-fast".
>> Yes, it's true, more or less - as long as you're only talking about
>> other piston engined aircraft, and are content to ignore the existence
>> of jets and rockets.
>> It's not something I know much about, but I am told that much more
>> reliable and secure operating systems do exist, and have been
>> commercially successfull in niche markets, both now and in the past.
>> Niche markets like, say, the OS that runs your advanced pacemaker,
>> some network routers, or aerospace systems.
>> Now, I assume that using any such non-mainstream system is probably
>> (so far, to date) significantly more painful, annoying, and thus
>> expensive than just running Linux. (And thus is unlikely to be
>> appropriate for a Beowulf cluster.)
>> But if you're a huge organization already throwing millions of dollars
>> into horribly painful manual re-audits of even trivial updates to
>> "commodity" operating systems for mission-critical "highly secure"
>> applications, then I strongly suspect that you're already well into
>> the same cost range where investing those $millions into the use of
>> secure-by-design systems might well make much more sense.
>> At some point, no matter how much you like Otto-cycle engines, putting
>> more and more money and effort into carefully tuning and inspecting
>> your turbo-supercharged, nitrous oxide injected, hand polished and
>> streamlined, piston-engined aircraft simply no longer makes sense. If
>> you care that much, you should be looking into jets...
>> Like I said, I don't really know much about such secure-by-design
>> systems, but I've come across thought provoking discussion in various
>> places, including:
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe) visit
Gerry Creager -- gerry.creager at tamu.edu
Texas Mesonet -- AATLT, Texas A&M University
Cell: 979.229.5301 Office: 979.458.4020 FAX: 979.862.3983
Office: 1700 Research Parkway Ste 160, TAMU, College Station, TX 77843
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
More information about the Beowulf