
Security Basics mailing list archives

RE: Linux Distribution Recomendation
From: "Rod Trent" <rodtrent () yahoo com>
Date: Mon, 8 Mar 2004 17:55:28 -0500

Not to get into a debate on MS versus Open Source, but the OSes are as
secure as you make them. The majority of reported vulnerabilities and
patches come from the Open Source side of the industry, so being secure out
of the box doesn't really hold water.

Those that use Open Source software are generally more technically
competent, and understand how to better secure their computing environment.

Windows XP SP2 will really put a dent in the perception. 

-----Original Message-----
From: Michael Gale [mailto:michael () bluesuperman com] 
Sent: Saturday, March 06, 2004 3:54 PM
To: security-basics () securityfocus com
Subject: Re: Linux Distribution Recomendation


So ... what is a normal Linux or Unix system, and how is the security rather
poor? I would consider a FreeBSD system to be a normal Unix system in
today's perspective, and its level of security as compared with other operating
systems is very secure.

You figure for a start up company today you have 3 main OS choices:

Unix version - FreeBSD, OpenBSD, NetBSD

Linux version - Slackware, .....


Microsoft Windows - Win2000, WinXp, Win2003 ..

Now, in order to say an OS is not secure, would you not need to have a baseline,
which would be the average?

So the way I look at it, if you came up with a baseline for security based
on the available out-of-the-box OSes you can install, the Unix and Linux versions
would make up the top 30% for being the most secure, while Microsoft is
falling farther behind.

Michael.


On Thu, 4 Mar 2004 10:24:20 +0100
peter () devbox adamantix org (Peter Busser) wrote:

Hi!

I like Slackware myself ( http://www.slackware.com/ ).  It is as 
close to pure Linux as you can get.  It's getting easier to manage 
also.  As far as security goes, that depends largely on the admin 
but, Slackware requires far fewer patches and upgrades than more 
well known variants because they don't rewrite everything before 
releasing it.

Security does not depend on the admin alone. The system can never be 
more secure than the level of security that the underlying software is 
able to provide.

The security of a normal Linux or UNIX system is rather poor. UNIX was 
designed for a benign environment, with friendly users and a trusted 
administrator. This environment is completely different from the 
Internet as we know it today. And therefore the security of normal 
Linux or UNIX systems is not adequate for use on the Internet.

The security of a piece of software does not end with the 
implementation of security features in this piece of software. Most 
software requires configuration. And that goes for Slackware too. My 
experience with Slackware has taught me that Slackware is particularly 
weak in this area. It needs a lot of handwork. Since handwork is done 
by humans, and humans tend to err now and then, it will eventually 
result in a higher number of configuration mistakes.

The vision behind Adamantix is to improve the overall security 
features of the system, so that an administrator can use them to 
secure his system(s). And also to make managing these features easier, 
so that the administrator can do a better job with less effort.

Groetjes,
Peter Busser




--
Hand over the Slackware CD's and back AWAY from the computer, your geek
rights have been revoked !!!

Michael Gale
Slackware user :)
Bluesuperman.com 


