[Tfug] Multiple distros for security?

Jordan Aberle jordan.aberle at gmail.com
Thu Jan 22 21:53:22 MST 2009


FYI the installation is text based, they focus on security and not the
looks.  If you haven't used it before be prepared for some reading.

-Jordan

On Thu, Jan 22, 2009 at 9:49 PM, Tyler Nienhouse <flakeparadigm at gmail.com>wrote:

> Agreed. As I have heard, OpenBSD is one of, if not the most, secure
> operating system out there.
>
> -Tyler
>
>
>
> On Thu, Jan 22, 2009 at 21:44, Jordan Aberle <jordan.aberle at gmail.com>wrote:
>
>> If you want a locked down secure server I would recommend openbsd,
>> http://www.openbsd.org/
>> They have only had two remote exploits in the last ten years, and even
>> those never made it past proof of concept.
>>
>>
>> -Jordan
>>
>>
>> On Thu, Jan 22, 2009 at 8:40 PM, Matt Jacob <matt at mattjacob.com> wrote:
>>
>>> Hi everybody,
>>>
>>> An issue came up at work recently while discussing the architecture
>>> for a new DNS server deployment. It was suggested that using different
>>> distros (Debian, FreeBSD, and probably CentOS) across each DNS server
>>> would provide greater security in the event of a 0-day exploit against
>>> a particular distro. While I don't disagree with that thinking, an
>>> obvious con is that maintenance will take longer, software versions
>>> will be out of sync, and admins will be forced to manage systems
>>> they're not comfortable with.
>>>
>>> The question, then, is whether there is enough merit in distro
>>> diversification to outweigh the added complexity and management time.
>>> My feeling is that proven distros such as Debian, CentOS, Fedora,
>>> SUSE, etc. are secure enough to stand on their own, and I think we've
>>> seen this verified in the wild. However, I can't forget about the
>>> Debain OpenSSL vulnerability not so long ago that seems to disprove my
>>> theory. On the other hand, attacks against a particular piece of
>>> software would apply to any system (Apache, MySQL, PowerDNS, etc.).
>>>
>>> Alright, enough of me thinking out loud. Spark some discussion and try
>>> to convince me one way or the other.
>>>
>>> Thanks!
>>>
>>> Matt
>>>
>>> _______________________________________________
>>> Tucson Free Unix Group - tfug at tfug.org
>>> Subscription Options:
>>> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>>>
>>
>>
>> _______________________________________________
>> Tucson Free Unix Group - tfug at tfug.org
>> Subscription Options:
>> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>>
>>
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tfug.org/pipermail/tfug_tfug.org/attachments/20090122/52b595f1/attachment-0002.html>


More information about the tfug mailing list