Greetings, Security is really a very complex subject, and judging the relative security of various distributions is difficult. What is really the important consideration is the policy of the system and organization behind it.
Debian, I know, has a strong security policy; the developers actively track and fix security flaws and try to prevent new ones from being introduced. Debian usually has a default secure installation, or else has big warnings if a particular package is insecure in its default state (and then usually has instructions on how to make it secure). Debian is also very nice in that its easy to keep packages upgraded, tracking security fixes as they come out. Debian is usually on top of security fixes, releasing updated packages very quickly after flaws are discovered. To be fair, I'm sure that RedHat does this too for the most part. A major issue, though, is keeping the system updated and tracking the latest security fixes. This is easy under Debian (almost a no-braner thanks to Apt), but harder under current versions of RedHat (I would assume, given that it lacks apt). The other issue is securing the system. Its usually impossible to assume that the system is secure given the default configuration, and certainly impossible to assume it to be so after useful packages have been installed and users have used the system. Keeping a system secure is really very much an ongoing process, sad but true, it takes monitoring, regular backups and keeping up with new security issues. Debian goes a long way to helping you with the later, the others are the real hard work, I guess. And finally, the kernel is very rarely the entry point of a crack, it is almost always a user-space program that is at fault (such as recent BIND attacks, wu-ftp type things, etc). Good luck. In message <[EMAIL PROTECTED]>it was written: >I am frustrated with the linux 2.2 kernel. I have had two hacks in 3 months >and I am going broke rebuilding my server. > >I went out and bought Redhat 7, and got hacked 6 weeks later. > >I have been placed in contact with a guy who wants me to use Debian. But if >it based upon the same kernel as redhat, how is it going to be more secure? >I checked and found that > >from (http://www.securityfocus.com/) >Security risks for years: 1997-2000 respectively: >Debian 3, 2, 32, 45, 12 >RedHat 6, 10, 49, 85, 20 > >So Debian is about twice as good as redhat, but that is not real reassuring. > >I am considering joining the debian family, but am a bit concerned about >security. > >Just how much more secure is Debian than redhat? > >Thanks! > >Steve Rudd > > >-- >To UNSUBSCRIBE, email to [EMAIL PROTECTED] >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > as always, nick [EMAIL PROTECTED] * http://www.fargus.net/nick Developer - Systems Engineer - Mad System Guru - MOO Sales he picks up scraps of information/he's adept at adaptation because for strangers and arrangers/constant change is here to stay
