11 Aug
2013
11 Aug
'13
10:51 a.m.
On Sun, Aug 11, 2013 at 5:27 AM, coderman <coderman@gmail.com> wrote:
if i were to summarize what i have found effective against dedicated and resourceful attackers (again, i can't go into details :) this would be the top 5:
1. use a common distro, but rebuild critical components - bootloader, initramfs, openssl, openssh, the kernel, gnutls, libgmp, use 64bit, etc.
By "rebuild" do you mean compile it yourself or are you talking full-up review and rewrite? The former should be no problem for anyone capable of setting up a secure hosting service. The latter is probably beyond the means of small teams in any commercially reasonable timeframe. -- Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209