[Tfug] Multiple distros for security?

Jordan Aberle jordan.aberle at gmail.com
Thu Jan 22 21:44:44 MST 2009


If you want a locked-down, secure server I would recommend OpenBSD,
http://www.openbsd.org/
They have only had two remote exploits in the last ten years, and even those
never made it past proof of concept.


-Jordan

On Thu, Jan 22, 2009 at 8:40 PM, Matt Jacob <matt at mattjacob.com> wrote:

> Hi everybody,
>
> An issue came up at work recently while discussing the architecture
> for a new DNS server deployment. It was suggested that using different
> distros (Debian, FreeBSD, and probably CentOS) across each DNS server
> would provide greater security in the event of a 0-day exploit against
> a particular distro. While I don't disagree with that thinking, an
> obvious con is that maintenance will take longer, software versions
> will be out of sync, and admins will be forced to manage systems
> they're not comfortable with.
>
> The question, then, is whether there is enough merit in distro
> diversification to outweigh the added complexity and management time.
> My feeling is that proven distros such as Debian, CentOS, Fedora,
> SUSE, etc. are secure enough to stand on their own, and I think we've
> seen this verified in the wild. However, I can't forget about the
> Debian OpenSSL vulnerability not so long ago that seems to disprove my
> theory. On the other hand, attacks against a particular piece of
> software would apply to any system (Apache, MySQL, PowerDNS, etc.).
>
> Alright, enough of me thinking out loud. Spark some discussion and try
> to convince me one way or the other.
>
> Thanks!
>
> Matt
>