On Mon, 2001-09-17 at 18:11, Dustin Puryear wrote:
 
> Don't get me wrong, I run *a lot* more Linux servers than NT servers
> over here, but I think it's misleading when someone states simply that
> Linux "is more secure" or "has better security." What does that mean?

First off, I agree.  Those kinds of statements should be backed up with
some sort of proof.  And usually the proof is very subjective.  Having
said that, I'd like to add my own subjective observations to the
discussion. :)

Unix (and "Unix-like" for the purist) operating systems offer a simpler
environment to create and maintain a security posture.  This is
especially apparent while hardening a host.

A good friend of mine has published a couple of great guides on
hardening WinNT (and Win2K) hosts.  He refers to the process as
"gracefully breaking the OS."  The problem is that Microsoft components
are mysteriously, and sometimes illogically, interlinked; I'm inclined to
call it a monolithic environment.  In this environment, you are not
privy to the inner workings of the OS and are not meant to fiddle with
it.  Components are put in place and are expected to be there.
Sometimes seemingly non-related components are highly dependent on each
other.  Removing the wrong component has dire consequences to the
functionality of your host (thankfully others have already traversed
that minefield and published maps in the form of hardening guides).

Maintaining a security posture in this monolithic environment adds
additional challenge.  Adding or removing components forces you to go
through the hardening process again to ensure purposefully removed
components haven't been identified as missing and re-installed.  It
might be worth mentioning that adding components also requires the
administrator to re-apply any service packs or hot-fixes.  So the
monolithic environment takes its toll on expected behavior as well as
those who make the additional effort to harden a Windows host.

Unix (and by association Linux) offers a much more modular environment.
Components are usually fairly well defined and easy to install or remove
as required (I seem to remember ONCE running into an unexpected
situation with a Solaris 2.6 package dependency - it struck me as being
a rarity in the Unix world).  Once you remove a component, it's gone.  It
won't sneak back in with a patch or when you install an unrelated
component (though you must install patches to any new components).  In
short, this modular environment makes it easier to define a security
posture and maintain it.

It's an overly simplified statement to make, but this personal experience
leads me to trust Linux as being "more secure" than Windows.  Of course,
either Windows or Linux can be secured or mismanaged.  It's just a
question of which environment lends itself to security.

Oh... and if you REALLY want security... I'd suggest looking at OpenBSD.
:)

-- 

.: Paul Hosking . [EMAIL PROTECTED]
.: InfoSec

.: PGP KeyID: 0x42F93AE9
.: 7B86 4F79 E496 2775 7945  FA81 8D94 196D 42F9 3AE