|
-
November 4th, 2004, 07:07 AM
#131
The study also reveals that Linux has become the most breached 24/7
online computing environment in terms of manual hacker attacks overall
and accounts for 65.64% of all breaches recorded, with 154,846
successfully compromised Linux 24/7 online computers of all flavours.
http://www.mi2g.com/cgi/mi2g/framese...ess/021104.php
-
November 4th, 2004, 03:38 PM
#132
That's a bit misleading if you ask me. Let's look at what kinds of servers are in *typical* 24/7 operations.
Web Servers
ftp servers
dns servers
Database servers
3 of those 4 are typically in a DMZ or punched through people's firewalls for public access. It's natural that they would get attacked and compromised more often than anything else because they have no real protection other than the system itself being hardened. The database server...well since the web server and dbase server communicate regularly...it's just a hop skip and a jump away.
Look at a typical windows domain controller(in a 24/7) however, and you'll find that it is typically behind a sturdy firewall, on a vlan, with an IDS watching it....and then some.
That's still a good study..too bad it costs so damn much.
Antionline in a nutshell
\"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"
Trust your Technolust
-
November 4th, 2004, 06:49 PM
#133
Windows can't do 24/7 servers. 
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
-
November 4th, 2004, 09:40 PM
#134
Member
has anybody read the top of the openbsd banner? www.openbsd.org may i say more?????
Free, Functional, & Secure Since 1995
Only one remote hole in the default install, in more than 8 years!
and netbsd, you have to go in manually to enable services, quite alot of services are enabled by default in windows installations.
-
November 4th, 2004, 10:11 PM
#135
And you seem too have no idea what the hell you're talking about. Open BSD comes in a way that ANY OS could brag that same ****. They have Code Audits.... So does SUSE Linux. They come with less Services enabled.... Well that's idiotic as it's damn near an un-useable system untill you open things up.
SUSE Linux allows you too download ALL updates before it even boots up for the first time. That options mkaes it higher in my list. Mandrake says you can doo the same thing, but it doesn't work as well as SUSE does. SUSE Linux 8.2 and up all have the option. You get done installing, and start downloading updates soo the system is totally up too date becayse it even boots up, and you can configure it with YAST2 right away.
SUSE Has the same Code Audits as Open BSD and better ability too have the system boot up into a secured state than Open BSD.
Any moron could take Slackware, and make it so nothing is running when it installs and pop in on a CD and starting bragging "Never had a security hole in the remote installation ever".
Free BSD has taken strides too. Net BSD is a toy OS for people with exotic hardware that want too run a BSD OS. IT's a TOY. Open BSD is made and based on NetBSD as that jack ass Theodor or however he spells it, was on the Net BSD team but argued about how he wanted things too be, so he started Open BSD and started doing code audits. And as I said, SUSE does security code audits too.
SUSE Has the biggest team of any Linux distro, and they have a whole part of that team for nothing more than auditing code for security.That is one reason why SUSE gets MAYBE 2 security flaws in a month for things like YAST and core SUSE things. And Gentoo gets 3 a day 
SUSE has a very good amount done with security, and they work at it very well, making it solid and secure.
SUSE and Slackware are the way too go.
-
November 5th, 2004, 05:20 AM
#136
Adding to gore's post, Suse is also backed by a large, rich, OSS loving company (novell). This gives them more opportunities than a lot of the other Linux OSes because quite a few of them don't have that kind of money backing them. This is also the reason they can afford having so many security EXPERTS (not people who can read code and couldn't see a vuln if their life depended on it, like most programmers) looking over code on a day to day basis finding stuff...
I personally think that Novell is going the way of the future. They take the best of both worlds (worlds being Big corp [M$], OSS [slack, debian, gentoo etc.]) and put it all together... I think they are going to see quite a big amount of succes in the next few years... Especially if they manage to break the home market open... That would rock... More $$ for me in the long run... (working on computers, most people haven't the slightest clue of linux)
[H]ard|OCP <--Best hardware/gaming news out there--|
pwned.nl <--Gamers will love this one --|
Light a man a fire and you\'ll keep him warm for a day, Light a man ON fire and you\'ll keep him warm the rest of his life.
-
November 7th, 2004, 05:37 PM
#137
Jesus! Not this again.... 
Okay, I'll bite. Can't refuse an opportunity to plug for UNIX.
We don't see much here on AO in the *nix forums about Sun. That is probably for understandable reasons since most members are probably thinking in terms of Home computers rather than production computing environments. Breaking from tradition, allow me to explain why Solaris
is more secure than Windows... Caveat: Note that *none* of these things are install defaults.
1) We can connect to the machine and control the entire session over serial null modem (console).
This gives us the ability to do the entire install remotely, without the box needing to be on the networrk.
2) Select the leanest install, for example 'Core' and further remove any unnecessary packages.
3) With the install complete, we disable root logins anywhere but the console. Enable blowfish password encryption, disable all other algorithms.
4) Proceed to removing all users and groups not requierd for the tasks to be performed on the box.
5) Enable all available logging.
6) Apply all patches (via tip hardwire).
7) Yadda.. yadda. do more security stuff including turning all but mission critical serivces off....
8) Create a flash archive of the running system. Poof! viola! You now have an installable secure image that you can place on every other machine on the DMZ complete with patches and all the security modifications you have made.
Best of all, you are likely to have uptime measured in months, quarters, etc. instead of days. In real life, in a real production environment that is what counts when management discusses their I.T./I.S. staff.
Get OpenSolaris http://www.opensolaris.org/
-
November 7th, 2004, 05:59 PM
#138
Heh, you just named off what I do on a SUSE install. Except my security patches are installed before the machine has ever even booted for the first time. My Encryption is Blowfish usually, but I do like having 4096 bit encryption so generally I use that.
It's only overkill if you don't know how too use it. And for servers, which you were talking about:
SUSE Linux Enterprise Server 9, if you have at least 256 MBs RAM, you can do a fully GUI installation over SSH or VPN, I'd consider that fairly secure for the "I don't want too get off my ass" group.
YAST2 is included, which is the best Management tool ever created. And for the record I do own Solaris, and have used it once, but I'd much rather get a Sun box with Trusted Solaris on it.
Anyone who'd like to donate too the cause is welcome lol. We can call it "Gore wants too play in the Sun".
-
November 7th, 2004, 10:46 PM
#139
SuSE is a fantastic distro, and Sun is steadily falling behind the curve compared to Linux. For large installations I really prefer Sun hardware over PC's because of OpenBoot and LightsOut and the flexibility it gives you for remote administration. Having said that, Debian running on a couple of racks of SunFire v100's has worked out great for us so far (each box has been up for about 300 days now).
TrustedSolaris is just Solaris 8 with the wealth of Sun security stuff turned on, unsecure services removed and a very *very* hefty price tag. I am pretty confident that I can get Solaris 9 going for my customers with SunScreen and the other security toolkit stuff that Sun provides at no extra cost with the media and have a machine that is at least as secure as TrustedSolaris.
Solaris 10 for those who have even a marginal interest is well worth the look. The ability to compartmentalize processes into groups and assign each group maximum and minimum system resources has proved itself on a test box running a very unfriendly Oracle test server on a Sun v1280 over the past couple of months.
The downside to Sun of course is that it is largely proprietary, and to make any Sun workstation or development box very worthwhile you really need to install a bunch of the GNU software. Proof positive that Open Source wins in the UNIX world.
-- spurious
P.S. Don't waste your time on any of the Sun Blade server stuff (e.g. Sun Blade B1600). They are a neat idea, but what a piece of sh*t. We have replaced every blade in the three units we have at least once; thank god we didn't eat the cost.
Get OpenSolaris http://www.opensolaris.org/
-
November 8th, 2004, 12:11 AM
#140
Originally posted here by spurious_inode
SuSE is a fantastic distro, and Sun is steadily falling behind the curve compared to Linux. For large installations I really prefer Sun hardware over PC's because of OpenBoot and LightsOut and the flexibility it gives you for remote administration. Having said that, Debian running on a couple of racks of SunFire v100's has worked out great for us so far (each box has been up for about 300 days now).
TrustedSolaris is just Solaris 8 with the wealth of Sun security stuff turned on, unsecure services removed and a very *very* hefty price tag. I am pretty confident that I can get Solaris 9 going for my customers with SunScreen and the other security toolkit stuff that Sun provides at no extra cost with the media and have a machine that is at least as secure as TrustedSolaris.
Solaris 10 for those who have even a marginal interest is well worth the look. The ability to compartmentalize processes into groups and assign each group maximum and minimum system resources has proved itself on a test box running a very unfriendly Oracle test server on a Sun v1280 over the past couple of months.
The downside to Sun of course is that it is largely proprietary, and to make any Sun workstation or development box very worthwhile you really need to install a bunch of the GNU software. Proof positive that Open Source wins in the UNIX world.
-- spurious
P.S. Don't waste your time on any of the Sun Blade server stuff (e.g. Sun Blade B1600). They are a neat idea, but what a piece of sh*t. We have replaced every blade in the three units we have at least once; thank god we didn't eat the cost.
Oh man Sun Screen looked AWESME when I was reading up on it. It has more than I need of course, being it was emant as a REAL firewall for a high end environment, but I still liked it.
You're post is post 138 That's awesome !! http://www.onethirtyeight.net
The blades looked pretty good but after reading your post, heh wow. Then again a lot of things look great on paper heh.
I would love a Sun box. I need the experience working with them for when I move. I've got an ad here for a Sun V250 Server which was a little more affordable for me at 3 Grand. So Maybe I'll try that out.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote