Re: A question of Security

Glynn Clements (glynn@sensei.co.uk)
Thu, 16 Dec 1999 12:18:50 +0100 (GMT--1:00)


David W. Robinson wrote:

> I am currently trying to convince our network people of the safety of
> using a Linux machine as an internet server, running Apache and
> Realmedia Streaming Media. What I am looking for is evidence,
> articles, papers etc. that compare the security of a Linux server against
> the security of a box running Solaris and other common Unix
> Operating systems. Can anyone help by pointing me in the right
> direction, or sending me material to use in the defense of Linux?

If you were looking for evidence against using an NT-based setup, the
task would be a lot easier. The commercial Unices (with the exception
of SCO) aren't IMHO significantly less secure than the free ones.

The main advantages of Linux (and the free BSDs) over commercial
Unices are:

1. The usually shorter turnaround time for security fixes. Checking
the BugTraq archives[1] and comparing the dates of vulnerability
reports against the date of the corresponding notification of a fix
being available should verify this.

2. The availability of source code for peer review. However, you
should consider whether it is a good idea to point this out.
Unfortunately it seems quite common for non-techies to assume that
source code availability makes a program less secure, rather than
more.

[1] http://www.securityfocus.com/templates/archive.pike?list=1

-- 
Glynn Clements <glynn@sensei.co.uk>
