Security Basics mailing list archives

Re: Linux Distribution Recommendation


From: Michael Gale <michael () bluesuperman com>
Date: Sat, 6 Mar 2004 13:54:20 -0700


So ... what is a normal Linux or Unix system and how is the security
rather poor? I would consider a FreeBSD system to be a normal Unix
system in today's perspective and its level of security as compared
with other operating systems is very secure.

You figure for a startup company today you have 3 main OS choices:

Unix version - FreeBSD, OpenBSD, NetBSD

Linux version - Slackware, .....


Microsoft Windows - Win2000, WinXp, Win2003 ..

Now, in order to say an OS is not secure, would you not need to have a
baseline, which would be the average?

So the way I look at it, if you came up with a baseline for security
based on available out-of-the-box OSes you can install, the Unix and Linux
versions would make up the top 30% for being the most secure while
Microsoft is falling farther behind.

Michael.


On Thu, 4 Mar 2004 10:24:20 +0100
peter () devbox adamantix org (Peter Busser) wrote:

Hi!

I like Slackware myself ( http://www.slackware.com/ ).  It is as
close to pure Linux as you can get.  It's getting easier to manage
also.  As far as security goes, that depends largely on the admin
but, Slackware requires far fewer patches and upgrades than more
well known variants because they don't rewrite everything before
releasing it.

Security does not depend on the admin alone. The system can never be
more secure than the level of security that the underlying software is
able to provide.

The security of a normal Linux or UNIX system is rather poor. UNIX was
designed for a benign environment, with friendly users and a trusted
administrator. This environment is completely different from the
Internet as we know it today. And therefore the security of normal
Linux or UNIX systems is not adequate for use on the Internet.

The security of a piece of software does not end with the
implementation of security features in this piece of software. Most
software requires configuration. And that goes for Slackware too. My
experience with Slackware has taught me that Slackware is particularly
weak in this area. It needs a lot of handwork. Since handwork is done
by humans, and humans tend to err now and then, it will eventually
result in a higher number of configuration mistakes.

The vision behind Adamantix is to improve the overall security
features of the system, so that an administrator can use them to
secure his system(s). And also to make managing these features easier,
so that the administrator can do a better job with less effort.

Groetjes,
Peter Busser


-- 
Hand over the Slackware CD's and back AWAY from the computer, your geek
rights have been revoked !!!

Michael Gale
Slackware user :)
Bluesuperman.com 
