Check out http://www.attrition.org/mirror/attrition/

Interesting to read the history files. It would appear that nearly half of
compromised servers are NOT Wintels. Which says a lot about the security of
ALL operating systems.

Chuck


-----Original Message-----
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent:   Monday, May 07, 2001 8:09 PM
To:     [EMAIL PROTECTED]
Subject:        Re: linux on a 2500 ? Was: Programming under IOS [7:3362]

Of course if the source is open, it has more eyes looking at it (than say M$
software which seems to be having a new security announcement every week
right now).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



"Allen May" wrote in message news:[EMAIL PROTECTED]...
> Being a Libra I have to agree & disagree about open source.  Open source
> also allows the good hackers to find exploits much more easily by reverse
> engineering the whole process.  Open source is very cool for application
> design but gives too much information to those with more destructive
> tendencies.
>
> Just my re-contribution of 2 cents out of my stockpile I collected ;)
>
> ----- Original Message -----
> From: "Control Program"
> To:
> Sent: Sunday, May 06, 2001 9:19 PM
> Subject: Re: linux on a 2500 ? Was: Programming under IOS [7:3362]
>
>
> > On Sun, May 06, 2001 at 01:28:25PM -0400, Chuck Larrieu wrote:
> > > Without getting into the relative merits of router running open versus
> > > closed code, or the obvious cost issue, what would be the advantage of a
> > > Linux OS versus IOS?
> >
> > Why not consider open versus closed source code?  The public availability of
> > operating system source code is an enormous advantage that Linux systems
> > (and a variety of others like Mach and the FreeBSD/NetBSD/OpenBSD family)
> > have over their proprietary counterparts.  Source availability enables rapid
> > development by allowing for higher-quality feedback from people who aren't
> > directly involved with development.  Anyone, anywhere, can submit a patch to
> > the development team - as well as to the public - to correct a bug or add a
> > feature.  This has proved invaluable in security circles; in some cases,
> > kernel-level fixes have been written and made available within two to three
> > hours of the discovery of a new security vulnerability.
> >
> > Source availability allows for advanced troubleshooting in the event that
> > you trace your problem to an operating system bug.  With proprietary
> > alternatives, your only recourse is to notify technical support and hope the
> > developers get around to fixing your bug before it's too late to matter.
> > The same reasoning applies to adding new features or customizations.
> >
> > It is rapidly becoming clear that public availability of program source code
> > directly affects the quality of that code.  Such availability effectively
> > distributes the 'development load' among many more people, with all the
> > attendant benefits that distributed processing implies.
> >
> > Some other immediate benefits of using something like a Linux-based system
> > on router hardware include instant support for and compatibility with
> > existing OS file formats and filesystem types; a much greater ability to
> > 'tune' your kernel image to your specific situation, providing decreased
> > image size and situationally-optimized performance; the potential for much
> > more advanced user interface features; and immediately available tools that
> > can be easily modified and cross-compiled to run on router hardware
> > (tcpdump, packet generators, netcat, intrusion detection utilities, ...).
> >
> >
> > > Doesn't the "OS" have to be an inherent part of the "IOS" in any case? I
> > > presume that Cisco boxes operate as do any von Neumann based architectures,
> > > and that the IOS is really more an application that is loaded via the boot
> > > proms, where the "operating system" resides? Am I completely out of the
> > > water here?
> >
> > I don't know if you're out of the water, but I was unable to make sense of
> > this paragraph.  Perhaps you mean to ask about the difference between IOS
> > and other operating systems like Unix/Linux?  In that case, there's really
> > no difference at all - IOS is an operating system like any other, although
> > more specialized than Unix.  Unix does, however, separate the kernel
> > (low-level hardware support, core I/O, and processor and memory management)
> > from user-level applications such as the shell (CLI), shared libraries, and
> > daemon processes such as inetd (the Internet protocol super-server) and
> > cron.  Because of its historically specialized nature, IOS melds 'kernel'
> > functionality with 'application' functionality.
> >
> > Experience has shown that the modular design approach scales much better in
> > the long run.
> >
> >
> > > In raw terms of what is happening on a router, does a Linux based OS versus
> > > whatever the Cisco IOS is really matter? in terms of code size? In terms of
> > > router speed?
> >
> > This is purely a 'one OS against another' issue.  Is Windows 2000 'better'
> > than Linux if you have an Intel box?  Despite the religious handwaving of
> > the advocacy-inclined, the fact is it depends on what you want to do.
> >
> > In addition and again, having more than one alternative available has
> > historically proven vastly beneficial to hardware lifetime and acceptance.
> >
> >
> > > The IOS, as best I can guess, has its roots in C.
> >
> > It is written in C (and assembler), as is Linux.
> >
> >
> > > web link below, there aren't a lot of features in these Linux OS's either.
> > > I suppose over time that will be resolved, but at what cost in terms of OS
> > > image size?
> >
> > As discussed earlier, image size is much less of a concern with Linux right
> > now than IOS.  The ability to situationally optimize a given image allows
> > you to include exactly the features you need, contributing to efficiency in
> > space (image size and memory footprint) and time (performance).
> >
> > Furthermore, the Linux architectural approach is modular.  Most kernel
> > functions are now available as loadable modules which can be dynamically
> > loaded and unloaded during runtime.
> >
> >
> > > writing for a Cisco box, they have to ensure compatibility in every
> > > way shape and form with other Cisco boxes,
> >
> > What kind of compatibility?  Network protocol-wise?  That's the reason why
> > standards and open specifications exist - they promote interoperability.
> > That's why, in a different OS implementation, you'll get OSPF and BGP, but
> > not EIGRP.
> >
> > In the realm of the 'implementation dependent,' there are bound to be
> > interoperability issues.  This transcends the 'Linux vs. IOS' question; it's
> > a general fact of "intercomputing."  The Linux people are probably more
> > experienced at generating 'illicit compatibility' (interoperability in spite
> > of the unavailability of specifications, design documents or source code)
> > than anyone else.
> >
> >
> > --
> > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3537&t=3362