Re: Debian security.

On 4/3/06, Surachai Locharoen <surachai@prachakij.com> wrote:
> Is there anybody who guarantees Debian security? I want to install Debian as
> my server instead of the Redhat AS3 server, which was just attacked by phishing.
> Kan

As stated already, this sort of problem usually comes about because of
some insecure PHP or CGI script or script suite rather than through
the underlying OS's security, so Debian isn't going to offer you more
security than Redhat in that sense.

The best defense against this sort of attack is to a) understand
everything you install, how it works, how to spot when it's not
working, how to interpret the logs it generates, etc., and/or b) hire
someone trustworthy who is skilled to understand it for you (which can
include using hosted services). It's not enough to install a script
and leave it be forever. You have to upgrade it immediately after a
new version comes out, or at least shut off the old version while you
review your options. It's a real pain having to maintain a busy server
online, which is why b) can be a great option.

