linux-users-group-of-davis
LUGOD
 
Page last updated:
2001 Dec 30 17:03

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Re: OpenBSD and Security



> In a sense, much more resistant to many of the bugs out there, out-of-the-box,
> before hardening, because of all the work done prior to your installing the system.

I don't see how this is true.  OpenBSD has the same security problems
in sendmail, named, openssh, ftpd that the rest of the distributions
have.  Either they don't do line by line security audits of PORTS
or they miss the security holes just like the rest of the world.  Line
by line audits help, are hardly foolproof, and many people do them.

> No, definitely not. OpenBSD, I believe, is quantifiably more secure (again,
> out-of-the-box) than Linux is. I think this is fairly common knowledge among those
> who care to take an interest in such things. That does not mean Linux can't be made
> highly secure... or is somehow an "inferior" OS (such as Windows!).

OpenBSD has something like 25 security problems with 2.7:
        http://www.openbsd.com/errata27.html

You can configure Red Hat with similar functionality during installation
and would have a similar number of security problems.   I see minimal
difference between checking a package for installation and doing
similar under PORTS.

Of those I know who take an interest in such things, they install whatever
OS they choose, install the latest patches, turn off ALL network services,
turn on ssh, THEN put the machine on the net.  Then they start installing/
configuring the functionality they need, making sure it's 100% up to
date (often distributions use slightly old versions), configuring it
for maximum security, making sure it runs as a user with minimum privileges,
etc.

Then they take proactive measures, monitoring file checksums, tracking
access logs, analyzing network traffic etc.

Red Hat provides MD5 checksums and CryptoSigned packages to help ensure the
integrity of a system package or binary, not that other OS's/distributions
don't.

--
Bill

