httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sweere, Kevin E CTR USAF AFRL/RYT" <Kevin.Swe...@WPAFB.AF.MIL>
Subject A fundamentally secure Apache server, any interest?
Date Mon, 16 Nov 2009 13:42:52 GMT
Greetings,
 
I work for the US Air Force.  We have a prototype that dramatically,
fundamentally increases a web server's security.  
 
We run an Apache server within a minimized, user-level-only, Linux variant
only within RAM and from only a DVD (no harddrive).  With no shells, hackers
have nowhere to go.  With no persistent memory, malware has no place to
reside.  A simple reboot restores the website to a pristine state within
minutes.  
 
Because a LiveDVD holds the OS, apps and content, its best for static,
non-interactive, low-volume, high-value, highly-targeted websites.  Any
change means burning a new DVD, but this also makes testing easier and less
noisy.  Logs are tricky to extract. 
 
While it has worked well, some of us believe its usability drawbacks (e.g.
limited ability to receive input from users, every change needs a new DVD)
outweigh its great security benefits making it unmarketable (in govt or
industry) and thus just another prototype to leave on the shelf.
 
I'm curious what your group thinks.  Thanks in advance -- I don't quite know
with whom to discuss this idea.
 
Kevin Sweere
 
 
 
 

Mime
View raw message