This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Subject: Re: Linux Security From: Frank Carreiro <fcarreiro@keylabs.com> Date: Wed, 31 May 2000 16:51:59 +0000 On Wed, 31 May 2000, Krikofer wrote: > > Hi. My friend had told me that Linux does not have a good firewall. > Linux can be broken into easily (according to his job's system > administrator). Would any of you know if this is true? He says his > friend likes Linux. Any facts? While no system is 100% secure, I've tweaked my linux system to the point that most people simply give up when trying to break into my Linux box. I run SAINT and nmape on a regular basis and check my logs regularly. I've seen people port scan me and try all sorts of tricks to get in. After a few minutes they seem to simply give up in favor of those systems with less secure setups (why spend hours to get into nothing?). Point is this, you setup outta the box a linux system and don't tweak it your inviting problems. Same goes for Windoze. No service packs? Your again inviting problems. Heck, Micro$oft recommends staying up to the latest service packs? Why? The same reason you need to tweak your system and keep up to date. Things change ... always go. Frank www.xmission.com/~dmacleod === Subject: Re: Linux Security From: Alan Mead <adm@ipat.com> Date: Wed, 31 May 2000 13:44:52 -0500 At 01:12 AM 5/31/00 , Krikofer wrote: >Hi. My friend had told me that Linux does not have a good >firewall. Linux can be broken into easily (according to his job's system >administrator). Would any of you know if this is true? He says his >friend likes Linux. Any facts? > >CH This is a topic sure to get a lot of comments. Ditto what everyone said. Let me add that I don't know what a "good firewall" is but it sounds obviously wrong. So there's one fact. Next, I've seen studies on the web that suggest that Microsoft's server security is worse than Linux. What they did was to monitor the date when a vulnerability in a service was posted to bugtraq and the date when a fix became available from the service's vendor. One study compared Red Hat, Microsoft, and Sun. More recently I saw a study that just tracked vulnerabilities that included apple and other operating systems. The perception that Microsoft OS's are written and deployed with fewer vulnerabilities or that they fix them "better" is apparently factually incorrect. The facts actually encourage the opposite view. Leaving facts aside, there is certainly the perception that Unix is more vulnerable but I think that's just a perception. As far as I can tell, the level of acumen of the sys admin is the biggest factor, probably the lion's share, of the variance in security. So from a security perspective, it may be adaptive for untrained, unskilled sys admins from installing mission-critical applications on Linux machines. But I think security has to be viewed in proper context; Linux offers a lot of other advantages and I'm guessing that 95% of Linux knowledge and skills are acquired by installing Linux and running it. In fact, getting cracked is a pretty good way to learn about security. ===