no 'commodity' OS is 'secure' Re: [Beowulf] Which distro for the cluster?

Gerry Creager N5JXS gerry.creager at tamu.edu
Wed Jan 10 07:22:40 PST 2007


Just to whine a bit for the sake of accuracy, the C-130 isn't a piston 
aircraft and never has been. It's a turboprop... a turbine-powered 
aircraft where the shaft drives a propeller.

Your first three points are good ones, though.

gerry

Mike Davis wrote:
> 1. Any OS can be made more secure.
> 2. Good Security is "Security in depth."
> 3. The perfect is the enemy of the "good enough."
> 
> I would note that turbocharged piston engine aircraft are still in use 
> militarily, commercially, and recreationally. One of the reasons for the 
> fact that the C-130 is approaching an operational life of 50 years is 
> that it can do things that C-141's, C5's, and C-20's can't. The same is 
> true for linux and even (Ugh) windows.
> 
> The only secure computer is the one in the vault, with dedicated power 
> and its HD stored in a safe when not in use. This is not the most 
> practical approach for either a business or a research institution. So, 
> we design for security at the border, subnet, and host levels. We test 
> and audit. We monitor, we mirror data online and on tape. We do many 
> other things as well. This is one of the things that admins get paid for.
> 
> Now, if the question is "can I compromise one of the systems?", the 
> answer is yes. I've been using unix for more than 20 years and used 
> mainframes and minis before that. Some of the same methods used to gain 
> mainframe access will still work with a few modifications. But, my 
> abilities do not inherently make these systems insecure.
> 
> 
> Mike Davis
> 
> Andrew Piskorski wrote:
> 
>> On Sun, Jan 07, 2007 at 03:49:50PM -0500, Robert G. Brown wrote:
>>
>>  
>>
>>> I completely agree with this.  As I pointed out earlier in the thread,
>>> companies such as banks make "conservative" seem downright radical when
>>> it comes to OS upgrades.  They have to do a complete, thorough,
>>> comprehensive security audit to change ANYTHING on their machines -- as
>>> a requirement in federal law, IIRC.  To get them to take you seriously,
>>> you MUST be prepared to support the OS they install on (once it is
>>> successfully audited) forever -- until the hardware itself falls apart
>>> into itty-bitty bits.
>>>   
>>
>>
>> And yet these same hyper-'secure' organizations are running Microsoft
>> Windows, Linux, and/or Unix on these super important, super 'secure',
>> mission-critical boxes?  Frankly, that's oxymoronic.  It sounds
>> suspiciously like decision making driven by what the rules and
>> paperwork says you're supposed to do (aka, CYA), and/or general
>> myopia, rather than a sound assessment of what the right solution to
>> the real problem actually is.
>>
>> We all know that Windows is (much) less secure than Linux, and Linux
>> is presumably less secure than OpenBSD.  But if you take a step back
>> and look at the bigger picture, OpenBSD and MS Windows are both in the
>> same bin, and that bin is labeled, "inherently unreliable and insecure
>> operating systems".
>>
>> OpenBSD calls itself "ultra-secure", which is like calling the most
>> advanced World War II piston-engined fighter planes "ultra-fast".
>> Yes, it's true, more or less - as long as you're only talking about
>> other piston engined aircraft, and are content to ignore the existence
>> of jets and rockets.
>>
>> It's not something I know much about, but I am told that much more
>> reliable and secure operating systems do exist, and have been
>> commercially successful in niche markets, both now and in the past.
>> Niche markets like, say, the OS that runs your advanced pacemaker,
>> some network routers, or aerospace systems.
>>
>> Now, I assume that using any such non-mainstream system is probably
>> (so far, to date) significantly more painful, annoying, and thus
>> expensive than just running Linux.  (And thus is unlikely to be
>> appropriate for a Beowulf cluster.)
>>
>> But if you're a huge organization already throwing millions of dollars
>> into horribly painful manual re-audits of even trivial updates to
>> "commodity" operating systems for mission-critical "highly secure"
>> applications, then I strongly suspect that you're already well into
>> the same cost range where investing those $millions into the use of
>> secure-by-design systems might well make much more sense.
>>
>> At some point, no matter how much you like Otto-cycle engines, putting
>> more and more money and effort into carefully tuning and inspecting
>> your turbo-supercharged, nitrous oxide injected, hand polished and
>> streamlined, piston-engined aircraft simply no longer makes sense.  If
>> you care that much, you should be looking into jets...
>>
>> Like I said, I don't really know much about such secure-by-design
>> systems, but I've come across thought provoking discussion in various
>> places, including:
>>
>>  http://www.coyotos.org/docs/osverify-2004/osverify-2004.html
>>  http://www.coyotos.org/docs/misc/linus-rebuttal.html
>>  http://www.eros-os.org/pipermail/cap-talk/2001-July/000604.html
>>  http://www.erights.org/talks/captp4omg/captp4omg/sld008.htm
>>  http://zesty.ca/capmyths/
>>
>>  
>>
> 
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe) visit 
> http://www.beowulf.org/mailman/listinfo/beowulf

-- 
Gerry Creager -- gerry.creager at tamu.edu
Texas Mesonet -- AATLT, Texas A&M University	
Cell: 979.229.5301 Office: 979.458.4020 FAX: 979.862.3983
Office: 1700 Research Parkway Ste 160, TAMU, College Station, TX 77843
