On Thu, Sep 11, 2003 at 01:58:59PM -0500, B McAndrews wrote:
> Could someone straighten me out here.  When did Unix based system become 
> the bastion of security?

Ever since the standard it is compared to is Microsoft...

> In a former lifetime, I used to work on VAX/VMS for classified (as
> in military) work.  I can't remember the issues, but when we started
> moving off the VAX/VMS over to Unix workstations, the IT security
> folks were not at all comfortable with the security of Unix compared
> to the VAX/VMS.  Does anyone have any insights as to why that might be?

Sure; there are a lot of them.  One of the most telling is the fact
that permissions on Unix/Linux are binary--you're root, or you're not.
There's no provision in standard Unix/Linux for graduated levels of
authority, or for cooperative privileges (e.g., it takes both the Security
Officer and Administrator, each providing a separate authentication,
to gain certain security levels; no one person can do so.)

Too many programs have root access.  Auditing and logging aren't
Orangebook quality.  Default installations tend toward permission unless
explicitly denied; security wants it the other way.  And so on.

Nevertheless--it's a da*n sight more secure than Windows, as far as anyone
can tell by looking at Windows from the outside (since we can't inspect
the source.)  Yeah, yeah, I know--"but NT and 2K are really VMS inside."
So they say.  Nobody's proven that to me in any way that matters--by showing
the robust reliability and security that should come from that.
-- 
        Dave Ihnat
        [EMAIL PROTECTED]

