UnderLinux: Interview Elias Levy (BugTraq's Aleph1)
Sep 13, 2001, 12:16 (0 Talkback[s])
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
UnderLinux : In a general focus what
is more secure Gnu/Linux or OpenBSD ? Or other OS ?
Aleph1 : That is a pointless question without
some context. For example, certainly the OpenBSD folks have done an
incredible job creating a secure and stable operating system - an
effort that should be emulated by others - but the application you
are looking to run many not be supported under it. The most secure
OS depends on your requirements.
Even with OpenBSD's success the UNIX security model is very
simplistic. You can certainly write secure applications - see qmail
and postfix for examples - but they require a lot of effort. Linux
is interesting because the are so many groups exploring alternative
security models: privileges, acls, subdomain, SELinux, etc.
NT had potential. It has an interesting security model, but the
legacy code, insecure defaults, complexity, and lack of security
savvy by application programmers used to the Windows and DOS world
have left it with a rather bad track record.
You must also take into account how well the people
administrating the system knows the technology. You can have the
most secure OS but if its misconfigured it will be useless.
Conversely, a good admin is capable to hardening a sloppy OS."
- TruSecure and Red Hat Co-Author White Paper Addressing the State of Open Source Security(Sep 11, 2001)
- ZDNet: New Unix worm could be next Code Red(Sep 10, 2001)
- Kurt Seifried: Linux Administrator's Security Guide (LASG) updated(Sep 05, 2001)
- UnixReview: Real World Linux Security: Intrusion Prevention, Detection, and Recovery [Book Review](Sep 03, 2001)
- Help Net Security: A Comment on Bugtracking(Sep 02, 2001)
- LinuxPlanet: .comment: The Great, the Pretty Bad, and the Breathtakingly Stupid(Aug 08, 2001)
- Net-Security.org: Installation of a Secure Web Server(Jul 28, 2001)
- eWeek: Apache avoids most security woes(Jul 24, 2001)