
Security-focused operating system: Difference between revisions

From Wikipedia, the free encyclopedia
Undid revision 874313063 by 185.43.245.37 (talk) addition without sourced article, non-neutral language
Eponyme13 (talk | contribs)
Distinction between security and forensics OSes the latter being removed and added to list of digital forensics tools article
Line 80: Line 80:


=== Debian-based ===
=== Debian-based ===

* [[Kali Linux]] is a Debian-derived Linux distribution designed for digital forensics and penetration testing, formerly known as [[BackTrack]].<ref>{{cite web
| url = http://www.offensive-security.com/kali-distribution/kali-linux-released/
| title = Kali Linux Has Been Released!
| date = 12 March 2013
| accessdate = 18 March 2013
| archive-url = https://web.archive.org/web/20130509043312/http://www.offensive-security.com/kali-distribution/kali-linux-released/
| archive-date = 9 May 2013
| dead-url = no
| df =
}}</ref>

* [[Parrot Security OS]] is a [[cloud computing|cloud-oriented]] GNU/Linux distribution based on Debian and designed to perform security and penetration tests, do forensic analysis, or act in anonymity. It uses the MATE Desktop Environment, Linux Kernel 4.6 or higher and it is available as a live lightweight installable ISO image for 32-bit, 64-bit and ARM processors with forensic options at boot, optimizations for programmers, and new custom pentesting tools.{{Citation needed|date=October 2016}}

* [[Subgraph (operating system)|Subgraph]] is a Linux-based operating system designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet. Subgraph OS is designed with features which aim to reduce the attack surface of the operating system, and increase the difficulty required to carry out certain classes of attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on ensuring the integrity of installed software packages through [[deterministic compilation]]. Subgraph OS features a kernel hardened with the [[Grsecurity]] and [[PaX]] patchset, [[Linux namespaces]], and [[Xpra]] for application containment, mandatory file system encryption using [[LUKS]], resistance to cold boot attacks, and is configured by default to isolate network communications for installed applications to independent circuits on the [[Tor (anonymity network)|Tor anonymity network]].{{Citation needed|date=October 2016}}
* [[Subgraph (operating system)|Subgraph]] is a Linux-based operating system designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet. Subgraph OS is designed with features which aim to reduce the attack surface of the operating system, and increase the difficulty required to carry out certain classes of attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on ensuring the integrity of installed software packages through [[deterministic compilation]]. Subgraph OS features a kernel hardened with the [[Grsecurity]] and [[PaX]] patchset, [[Linux namespaces]], and [[Xpra]] for application containment, mandatory file system encryption using [[LUKS]], resistance to cold boot attacks, and is configured by default to isolate network communications for installed applications to independent circuits on the [[Tor (anonymity network)|Tor anonymity network]].{{Citation needed|date=October 2016}}
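Review bot: the edit summary justifies this removal by distinguishing forensics OSes from security OSes, but the two entries dropped in this hunk describe penetration-testing distributions (Kali Linux is "designed for digital forensics and penetration testing", Parrot "designed to perform security and penetration tests"), so they are not purely forensics tools and the summary should state why they no longer qualify for this list. Note also that the removed Kali entry carried an archived citation while the retained Subgraph entry still carries a {{Citation needed}} tag, so the change is not a sourcing cleanup; consider keeping the cited entries or recording the inclusion criterion on the talk page.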


Line 140: Line 126:


=== Gentoo-based ===
=== Gentoo-based ===
* [[Pentoo]] Penetration Testing Overlay and Livecd is a live CD and Live USB designed for penetration testing and security assessment. Based on Gentoo Linux, Pentoo is provided both as 32-bit and 64-bit installable live cd. Pentoo also is available as an overlay for an existing Gentoo installation. It features packet injection patched wifi drivers, GPGPU cracking software, and lots of tools for penetration testing and security assessment. The Pentoo kernel includes grsecurity and PAX hardening and extra patches – with binaries compiled from a hardened toolchain with the latest nightly versions of some tools available.<ref>{{Cite web
| url = https://www.kitploit.com/2015/09/pentoo-2015-security-focused-livecd.html
| title = Pentoo 2015 – Security-Focused Livecd based on Gentoo
| access-date = 1 July 2018
| archive-url = https://web.archive.org/web/20180701164934/https://www.kitploit.com/2015/09/pentoo-2015-security-focused-livecd.html
| archive-date = 1 July 2018
| dead-url = no
| df =
}}</ref>

* [[Tin Hat Linux]] is derived from [[Hardened Gentoo]] Linux. It aims to provide a very secure, stable, and fast [[Desktop computer|desktop]] environment that lives purely in [[List of Linux distributions that run from RAM|RAM]].<ref name="TinHatHome">{{cite web
* [[Tin Hat Linux]] is derived from [[Hardened Gentoo]] Linux. It aims to provide a very secure, stable, and fast [[Desktop computer|desktop]] environment that lives purely in [[List of Linux distributions that run from RAM|RAM]].<ref name="TinHatHome">{{cite web
|url = http://tinhat.sourceforge.net
|url = http://tinhat.sourceforge.net
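Review bot: the Pentoo entry removed here likewise describes a live CD "designed for penetration testing and security assessment" rather than a forensics tool, and it is the only cited entry in the Gentoo-based subsection, which after this hunk retains only the Tin Hat hardened desktop; if Pentoo is being moved to the digital forensics tools list per the summary, the criterion should be spelled out, since the hunk header offsets (Line 140 to Line 126) confirm that cited pentesting entries are being removed wholesale rather than relocated within this article.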

Revision as of 20:40, 27 December 2018


This is a list of operating systems specifically focused on security. General-purpose operating systems may be secure in practice, without being specifically "security-focused".

Similar concepts include security-evaluated operating systems that have achieved certification from an auditing organization, and trusted operating systems that provide sufficient support for multilevel security and evidence of correctness to meet a particular set of requirements.

Linux

Android-based

  • Replicant is a FOSS operating system based on the Android mobile platform, which aims to replace all proprietary Android components with their free software counterparts. It is available for several smartphones and tablet computers.[1][2][3][4] In March 2014, the Replicant project announced the discovery of a backdoor present in a wide range of Samsung Galaxy products that allows the baseband processor to read and write the device's storage,[5][6] sometimes with normal user privileges and sometimes as the root user, depending on the device model.[7] It is not generally known whether Samsung's proprietary firmware for the radio chip can be remotely instructed to use these access features, nor what the intentions behind creating such a backdoor were.

Debian-based

  • Subgraph is a Linux-based operating system designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet. Subgraph OS is designed with features which aim to reduce the attack surface of the operating system, and increase the difficulty required to carry out certain classes of attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on ensuring the integrity of installed software packages through deterministic compilation. Subgraph OS features a kernel hardened with the Grsecurity and PaX patchset, Linux namespaces, and Xpra for application containment, mandatory file system encryption using LUKS, resistance to cold boot attacks, and is configured by default to isolate network communications for installed applications to independent circuits on the Tor anonymity network.[citation needed]
  • Tails is a security-focused Linux distribution aimed at preserving privacy and anonymity.[8]
  • Whonix[9][10] is an anonymous general-purpose operating system based on VirtualBox, Debian GNU/Linux and Tor. By design, IP and DNS leaks are impossible: not even malware running as superuser can find out the user's real IP address or location. This is because Whonix consists of two (virtual) machines. One machine, called Whonix-Gateway, solely runs Tor and acts as a gateway. The other, called Whonix-Workstation, is on a completely isolated network, so only connections through Tor are possible.

Fedora-based

  • Qubes OS is a desktop operating system based around the Xen hypervisor that allows grouping programs into a number of isolated sandboxes (virtual machines) to provide security. Windows for programs running within these sandboxes ("security domains") can be color coded for easy recognition. The security domains are configurable: they can be transient (changes to the file system will not be preserved), and their network connection can be routed through special virtual machines (for example, one that only provides Tor networking). The operating system provides secure mechanisms for copy and paste and for copying files between the security domains.[11]

Gentoo-based

Other Linux distributions

  • Annvix was originally forked from Mandriva to provide a security-focused server distribution that employs ProPolice protection, hardened configuration, and a small footprint. There were plans to include full support for the RSBAC mandatory access control system. However, Annvix is dormant, with the last version being released on 30 December 2007.[13]
  • BackBox is an Ubuntu-based Linux distribution oriented toward penetration testing and security assessment, providing a network and information systems analysis toolkit. The BackBox desktop environment includes a complete set of tools required for ethical hacking and security testing.
  • EnGarde Secure Linux is a secure platform designed for servers. It has had a browser-based tool for mandatory access control (MAC) using SELinux since 2003. Additionally, it can be accompanied by Web, DNS, and email enterprise applications, specifically focusing on security without any unnecessary software. The community platform of EnGarde Secure Linux is the bleeding-edge version freely available for download.[citation needed]
  • Immunix was a commercial distribution of Linux focused heavily on security. It supplied many systems of its own making, including StackGuard, cryptographic signing of executables, race condition patches, and format string exploit guarding code. Immunix traditionally released older versions of its distribution free for non-commercial use. The Immunix distribution itself is licensed under two licenses, the Immunix commercial and non-commercial licenses; many tools within are GPL, however, as is the kernel.[citation needed]

BSD-based

  • TrustedBSD is a sub-project of FreeBSD designed to add trusted operating system extensions, targeting the Common Criteria for Information Technology Security Evaluation (see also Orange Book). Its main focuses are access control lists, event auditing, extended attributes, mandatory access controls, and fine-grained capabilities. Since access control lists are known to be susceptible to the confused deputy problem, capabilities offer a different way to avoid this issue. As part of the TrustedBSD project, there is also a port of NSA's FLASK/TE implementation to run on FreeBSD. Many of these trusted extensions have been integrated into the main FreeBSD branch starting with 5.x.

Object-capability systems

These operating systems are all engineered around the object-capability security paradigm: instead of having the system decide whether each access request should be granted, the bundling of authority with designation makes it impossible to request anything that is not legitimate.
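As an added illustration of the confused deputy problem mentioned under TrustedBSD and of the object-capability paradigm described above (example code written for this page, not from the article or any listed project; the paths, principals and class names are constructed):

```python
# Added example (not from the article): a minimal model of the confused
# deputy problem under ambient-authority ACL checks, and how object
# capabilities (authority bundled with designation) avoid it.
# All paths, principals and names here are constructed for the demo.

# --- ACL model: the deputy checks a global table using its OWN identity ---
ACL = {  # path -> principals allowed to write it
    "/var/log/billing": {"deputy"},
    "/home/user/out.txt": {"user", "deputy"},
}

def acl_write(principal: str, path: str, data: str, disk: dict) -> bool:
    """Ambient authority: only the caller's identity is consulted."""
    if principal in ACL.get(path, set()):
        disk[path] = data
        return True
    return False

def acl_deputy_compile(user_output_path: str, disk: dict) -> bool:
    """A compiler service running as 'deputy' writes wherever the user
    names the output, but with the deputy's broader authority."""
    return acl_write("deputy", user_output_path, "compiled", disk)

# --- Capability model: the reference itself carries the authority ---
class WriteCap:
    """Unforgeable reference that designates one file and carries the
    right to write it; holding such an object is the only way to write."""
    def __init__(self, path: str, disk: dict) -> None:
        self._path, self._disk = path, disk

    def write(self, data: str) -> None:
        self._disk[self._path] = data

def cap_deputy_compile(output: WriteCap) -> None:
    """The deputy can only write through the capability it was handed;
    it has no operation that takes a path, so it cannot be confused."""
    output.write("compiled")

def demo() -> dict:
    """Run both models; return which one let the user clobber the log."""
    acl_disk = {"/var/log/billing": "real records"}
    # Confused deputy: the user names the billing log as output; the ACL
    # entry for 'deputy' lets the write through although 'user' may not.
    clobbered = acl_deputy_compile("/var/log/billing", acl_disk)

    cap_disk = {"/var/log/billing": "real records"}
    # The user can only mint capabilities for files it owns (assumed to be
    # enforced by the system; simplified here) and hands one to the deputy.
    user_cap = WriteCap("/home/user/out.txt", cap_disk)
    cap_deputy_compile(user_cap)
    return {"acl_clobbered": clobbered,
            "acl_log": acl_disk["/var/log/billing"],
            "cap_log": cap_disk["/var/log/billing"],
            "cap_out": cap_disk["/home/user/out.txt"]}
```

Under the ACL model the billing log is overwritten because the deputy's own identity passes the check; under the capability model the deputy never receives anything that names the log, so it stays intact.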

Solaris-based

  • Trusted Solaris was a security-focused version of the Solaris Unix operating system. Aimed primarily at the government computing sector, Trusted Solaris adds detailed auditing of all tasks, pluggable authentication, mandatory access control, additional physical authentication devices, and fine-grained access control. Trusted Solaris is Common Criteria certified.[15][16] The most recent version, Trusted Solaris 8 (released 2000), received the EAL4 certification level augmented by a number of protection profiles. Telnet was vulnerable to buffer overflow exploits until patched in April 2001.[17]

Windows Server

Starting with Windows Server 2008, Windows Server has offered an installation option called "Server Core", in which the traditional graphical user interface is not installed. In Windows Server 2008, administration relies on the Windows Command Prompt. Roles and components are then installed individually. This option reduces the Windows Server footprint, which lowers demand on system resources and reduces the number of components that could be exploited through security vulnerabilities.[18]

Later, with Windows Server 2016, Microsoft introduced a Nano Server installation option with even more reduced footprint. It is headless and does not support a locally connected keyboard and monitor.[19] Nano Server in Windows Server 1709 (the constantly updated sibling of Windows Server 2016) can only be installed in a container.[20]

See also

References

  1. "Overview – Replicant". Redmine.replicant.us. Archived from the original on 8 October 2013. Retrieved 30 September 2013.
  2. Paul Kocialkowski (4 February 2012). "WikiStart – Replicant". Redmine.replicant.us. Archived from the original on 4 October 2013. Retrieved 30 September 2013.
  3. "Android and Users' Freedom – GNU Project – Free Software Foundation". Gnu.org. Archived from the original on 27 September 2013. Retrieved 30 September 2013.
  4. "About". Replicant project. Archived from the original on 26 September 2013. Retrieved 30 September 2013.
  5. Don Reisinger (13 March 2014). "Samsung Galaxy devices may have backdoor to user data, developer says". CNET. Archived from the original on 27 April 2014. Retrieved 25 April 2014.
  6. Michael Larabel (12 March 2014). "Replicant Developers Find Backdoor in Android Samsung Galaxy Devices". Phoronix. Archived from the original on 30 March 2014. Retrieved 25 April 2014.
  7. Paul Kocialkowski. "Samsung Galaxy Back-door". Replicant Wiki. Archived from the original on 6 April 2014. Retrieved 25 April 2014.
  8. Vervloesem, Koen (27 April 2011). "The Amnesic Incognito Live System: A live CD for anonymity". LWN.net. Archived from the original on 21 August 2017. Retrieved 14 June 2017.
  9. "Whonix/Whonix". GitHub. Archived from the original on 25 November 2016. Retrieved 9 April 2018.
  10. "Whonix: An OS for the era of Anonymous and Wikileaks". computerworld.com.au. Archived from the original on 7 November 2017. Retrieved 9 April 2018.
  11. "Redirecting..." qubes-os.org. Archived from the original on 3 May 2017. Retrieved 30 April 2017.
  12. "Tin Hat". D'Youville College. Archived from the original on 3 March 2016. Retrieved 4 September 2015.
  13. "Annvix: A stable, secure, no-frills server distro". Linux.com. 16 January 2008. Archived from the original on 24 July 2018. Retrieved 24 July 2018.
  14. "Pledge() - A New Mitigation Mechanism". Retrieved 8 October 2018.
  15. "Sun Common Criteria Certification". archive.org. 13 October 2004. Archived from the original on 13 October 2004. Retrieved 9 April 2018.
  16. "Wayback Machine". archive.org. 12 March 2007. Archived from the original on 12 March 2007. Retrieved 9 April 2018.
  17. "Sun Patch: Trusted Solaris 8 4/01: in.telnet patch". 4 October 2002. Retrieved 13 August 2012. 4734086 in.telnetd vulnerable to buffer overflow ?? (Solaris bug 4483514) [permanent dead link]
  18. Lohr, Heidi (1 November 2017). "What is Server Core 2008". Microsoft Docs. Archived from the original on 27 January 2018. Retrieved 27 January 2018.
  19. Poggemeyer, Liza; Hall, Justin (6 September 2017). "Install Nano Server". Microsoft Docs. Archived from the original on 27 January 2018. Retrieved 27 January 2018.
  20. Poggemeyer, Liza; Lich, Brian. "Changes to Nano Server in Windows Server Semi-Annual Channel". Microsoft Docs. Archived from the original on 27 January 2018. Retrieved 27 January 2018.