Penetration Testing mailing list archives

Re: ideal OS distro for network scanning?


From: wrhaynes () gmail com
Date: 15 Jan 2006 18:37:47 -0000

Well the most secure OS is going to be the one that you patch and update, not necessarily OpenBSD. I used to be an 
OpenBSD fan but no longer because I've been using FreeBSD for over 4 years now with 0 regret. FreeBSD is much more 
useable and actually tremendously easier to upgrade/patch because of the great ports system. And for the most part, it's 
the applications that are vulnerable not the OS so which distro is more of a specific question that you need to dial 
in on. BSD in general is probably a small notch above the rest and using a 'server-install' of something like Ubuntu 
which maintains and distributes rigorous updates instantly, you'll also probably find exactly what you're looking for. 
-Securing it would be best to just do the most minimal installation possible and install ONLY what you need. 
-Optimize the kernel 
-Install Firewall with strict rules, 
-Keep the box up to date...

All of these things can be done best with FreeBSD or Ubuntu for example. I choose Ubuntu over Debian because they sync 
and stabilize code from Debian's "Unstable" tree which means the apps are WAY more current. 

I choose FreeBSD over OpenBSD/NetBSD/Dragonfly because of cvsup and portupgrade. Portupgrade lets you build EVERY 
installed app from new patched/updated source from the cvs servers. Which with a good kernel setup, gives you a killer 
performance machine WITH all of the latest patches. Kernel config is much easier in BSD IMHO, but not too difficult 
wherever you go.

--Bill
