l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
January 6: Social gathering
Next Installfest:
TBD
Latest News:
Nov. 18: Club officer elections
Page last updated:
2001 Dec 30 17:03

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox-tech] Re: OpenBSD and Security
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox-tech] Re: OpenBSD and Security



The observation was that as a tool, OpenBSD is the best one for the job
emphasizing security. Of course it goes without saying that a good tool in
inept hands is worthless -- that's a vacuous argument. The right tool
certainly saves time and effort.
Stating that "security is a process" is implicit in any serious discussion
of security.

You could attempt to write your own file integrity checker, but why do so
when you can use Tripwire? That is the appropriate tool for that job ... and
much easier than, say, rolling your own perl scripts (assuming you can ge
the same functionality).

Given the same process and effort, it is easier to secure OpenBSD than
Linux. It is also true that OpenBSD has a better security track record than
Linux ... how many default OpenBSD installations have been cracked in the
last few years? I've seen Linux distros get cracked within 15 minutes of
setup. In this context, discussing the security of various operating systems
is not at all vacuous ... especially if your make your living sysadmining
them.

You won't ever make your systems impossible to crack. But you can certainly
make yourself a tougher target by applying patches, reducing your risk, and
using appropriate tools for the job (e.g. OpenBSD, nmap, tripwire, etc).

--Adam

----- Original Message -----
From: "Peter Jay Salzman" <p@dirac.org>
To: <vox-tech@franz.mother.com>
Sent: Wednesday, April 11, 2001 10:19 PM
Subject: Re: [vox-tech] [john_zie_99@yahoo.com: help needed]


> i would just like to say that making the statement that one OS is "more
> secure than another", at this level, is a fairly vacuous statement.
>
> security is a process, not a state of being.  consider a dumb openbsd
admin
> and a smart linux admin and guess who has the more secure server?  what
> happens to the bsd admin who leaves security alone for a year because he
> knows he has "a very secure OS"?
>
> there are also other issues.   linux SMP is lightyears ahead of bsd.
> the only linux compatibility benchmarks i've seen come from bsd
developers,
> who have shown themselves to be ... well, wierdos.
>
> pete
>
>
> On Wed 11 Apr 01,  9:29 PM, Adam Getchell said:
> > If you want security, the best tool for the job is OpenBSD.
> >
> > It doesn't support multiple processors, and OpenBSD 2.7 was a bit
limited in
> > RAID card selection, but 2.8 supports some commonly found vendor RAID
cards
> > (Dell and Compaq), although my system has an ICP-Vortex.
> >
> > If you want performance on Intel architecture, rumor has it FreeBSD is
the
> > fastest (being optimized for Intel), so perhaps you may not want to move
to
> > Linux.
> >
> > Linux, as far as I can tell, is getting pretty good at having programs
> > written for it. Although OpenBSD (and perhaps other BSDs) do offer Linux
> > compatibility.
> >
> > There are "secure" versions of Linux out there (Bastille hardening
scripts
> > for Red Hat and now the NSA's version) but I think intensive proactive
> > source code audits is a pretty good mechanism.
> >
> > --Adam
> >
>
> --
> "Coffee... I've conquered the Borg on coffee!"               p@dirac.org
>        -- Kathryn Janeway on the virtues of coffee
www.dirac.org/p
>


LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!