Re: Security Question
hi ya john
On Thu, 2 Jan 2003, Jamin W. Collins wrote:
> While this message screams troll, there's the possibility your question
> is legit.
yuppers..
> On Thu, Jan 02, 2003 at 03:39:22PM -0800, John Gedeon wrote:
> > I have Debian installed on my home computer (3.0 stable version) I
> > want to use it to remote login in to work, however the people in
> > charge of the remote logins (IT) at my work say that Debian has lots
> > of security holes.
>
> Is Debian free of potential security holes, no. Is _any_ software free
> of security holes, extremely doubtful.
>
> > I was wondering what security holes Debian may have (especially in
> > comparison to Red Hat) if any. And if any of those cannot be taken
> > care of.
>
> None that I'm aware of.
>
> > They also claimed that Debian isn't stable in comparison to Red Hat,
> > Is Red Hat more stable?
>
> Not in my experience. Additionally, I find Debian much easier to
> maintain and update.
"depends" on your definition of "stable"...
- if you mean each time you install rh or deb you get exactly
the same thing ... then you should install from cdrom
- if you mean "unstable/testing" branch of debian vs released
copies of redhat
- that's not the same thing .. not a legit comparison
( regular users don't get access to redhat's testing tree )
> > I am asking for this information so that I have more backing when I
> > tell the IT people here that Debian is as good if not better than Red
> > Hat. I would prefer to use Debian.
for security statistics ... one has to normalize number of hacked
redhat machines w/ its installed base ... and similarly for debian
and then compare percentages of "[cr/h]acked boxes"...
-
- a relaxed "security admin policy" is usually the first culprit
-
- see if any of these sounds like your environment
top 20 security problems...
http://www.sans.org/top20
top 7 management mistakes...
http://www.sans.org/newlook/resources/errors.htm
top-10 attacks around the world
http://www.dshield.org
when one says that x is better than y .... i start up with:
i start from, all linux distros are usually exactly the same..
( different versions ... older vs latest/greatest issue...
( latest being better since it's fixed known bugs
( latest being worse, as it might have new bugs
- same kernel
- same bash
- same apache
- same exim/sendmail
- same glibc
- same 10,000 packages
what makes each linux distro different
- the gui for the user to install the selected/desired apps
- the way if any for updating the installed system w/ patches
<flame suit on>
commercial entities need to generate revenue !!!
- you do that by getting $300/incident tech support phone calls
- things that used to work... break in the next release ...
no reason for that except ... :-)
<keeping the flame suit on>
c ya
alvin