To quote Steve Rudd <[EMAIL PROTECTED]>,
# Hi!
#
# I am frustrated with the linux 2.2 kernel. I have had two hacks in 3 months
# and I am going broke rebuilding my server.
#
# I went out and bought Redhat 7, and got hacked 6 weeks later.
#
# I have been placed in contact with a guy who wants me to use Debian. But if
# it is based upon the same kernel as redhat, how is it going to be more secure?
# I checked and found that
#
# from (http://www.securityfocus.com/)
# Security risks for years: 1997-2000 respectively:
# Debian 3, 2, 32, 45, 12
# RedHat 6, 10, 49, 85, 20
#
# So Debian is about twice as good as redhat, but that is not real reassuring.
#
# I am considering joining the debian family, but am a bit concerned about
# security.
#
# Just how much more secure is Debian than redhat?
A little lesson in security: A computer is as secure as the admin is thoughtful and thorough and knowledgeable. Red Hat can be just as secure as the most secure Debian box, and vice versa.

The Linux kernel itself is only a relatively small part of a fully-functioning server. It is, of course, incredibly important :) Anyways, the kernel itself is actually pretty darned secure; it's the programs underneath it you need to worry about. You need to secure your web server software, your file sharing software, everything. *That's* where you're getting hacked - not in the kernel.

Anyways, if you're running a business, I think you should either spend some money and hire someone to come in and help you secure your server, or you/your admin should start reading Unix administration guides. A competent admin can secure whatever distribution of Linux is put in front of him. An incompetent admin won't be able to secure anything.

Debian, in a default installation, is more secure than Red Hat, but that isn't saying much. The default installation of Debian wouldn't work too well as a full-blown modern webserver, for instance.

David Barclay Harris, Clan Barclay
Aut agere, aut mori. (Either action, or death.)