Dear sankarshan,
Thanks for the highly insightful and informative response to my article.
I respectfully disagree with your suggestion that a national distribution
is a worthless concept.
You are correct to point out that highly secure installations should run
custom distros, and follow lock-down policies.
However, I am talking about bringing the entire machinery of government to
a pragmatic level of security.
Hence a national distribution is not such a bad idea, IMHO.
Read this article on how China is doing it, and why India should follow
suit.
http://bit.ly/chinalinux
I look forward to hearing from you, either on this channel, or privately.
Best Regards,
- Ashwin.
On Thu, Apr 4, 2013 at 8:00 PM, Sankarshan Mukhopadhyay <
sankarshan.mukhopadhyay at gmail.com> wrote:
On Fri, Apr 5, 2013 at 7:56 AM, Ganesha Computes
<ganeshacomputes at gmail.com> wrote:
I have written an article to share with you:
http://bit.ly/security_must
"I recommend standardizing on a GNU/Linux distribution, preferably of
Ubuntu lineage. If desired, a national distribution might be created."
There exist well documented security standards
<http://iase.disa.mil/stigs/os/unix/red_hat.html> for example which
can be readily adopted. This concept of a "national distribution" has
been mulled over for at least the past 6 years. Creating a
distribution is remarkably easy - in fact, all it takes is a manifest
file for packages you'd want in and, a set of customizations you'd
want. It is creating the entire set of ISV applications,
certifications, support, security audit that is the expensive part of
the gambit.
"A national distribution" is a fallacy that ends up wasting a lot of
money, making unfortunate noise and, being completely worthless.
Highly secure installations run their custom versions of distributions
and, follow remarkable lock-down principles. Meanwhile, you should
also take a look at <http://www.isecom.org/research/osstmm.html>
--
sankarshan mukhopadhyay
<https://twitter.com/#!/sankarshan>
_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc