Abstract
www.bastille-linux.org/jay/egovos.txt In most enterprise security efforts, we spend much of our time reacting to vulnerabilities. Whether this takes the form of patching or reactive firewalling or responding to compromised machines, it's definitely not very efficient. Proactive work can massively reduce the time we must spend chasing vulnerabilities - the savings in time, money and stress are palpable.  Bastille Linux  host-level proactive security work , an Open Source tool with over 300,000 downloads, helps an organization do . It focuses on tightening, or "locking down," the security settings on Linux/Unix machines to greatly decrease its risk of compromise. It does this by non-destructively deactivating unused operating system components or configuring them to more closely match the needs of the organizations users. This can be thought of in terms of policy creation and enforcement. To these ends, Bastille also works to educate the organization's system administrators so they'll make smarter policy and practice decisions in their everyday practice. System tightening in general, and Bastille in specific, does not change the fundamental nature of the system, making it much easier to adopt than specialized Trusted operating systems. This talk will explore the need for this work, the strengths of this method, and how it interacts positively with Trusted operating systems. |