[Tfug] Multiple distros for security?
jordan.aberle at gmail.com
Thu Jan 22 21:44:44 MST 2009
If you want a locked-down, secure server, I would recommend OpenBSD.
They have only had two remote exploits in the last ten years, and even those
never made it past proof of concept.
On Thu, Jan 22, 2009 at 8:40 PM, Matt Jacob <matt at mattjacob.com> wrote:
> Hi everybody,
> An issue came up at work recently while discussing the architecture
> for a new DNS server deployment. It was suggested that using different
> distros (Debian, FreeBSD, and probably CentOS) across each DNS server
> would provide greater security in the event of a 0-day exploit against
> a particular distro. While I don't disagree with that thinking, an
> obvious con is that maintenance will take longer, software versions
> will be out of sync, and admins will be forced to manage systems
> they're not comfortable with.
> The question, then, is whether there is enough merit in distro
> diversification to outweigh the added complexity and management time.
> My feeling is that proven distros such as Debian, CentOS, Fedora,
> SUSE, etc. are secure enough to stand on their own, and I think we've
> seen this verified in the wild. However, I can't forget about the
> Debian OpenSSL vulnerability not so long ago that seems to disprove my
> theory. On the other hand, attacks against a particular piece of
> software would apply to any system (Apache, MySQL, PowerDNS, etc.).
> Alright, enough of me thinking out loud. Spark some discussion and try
> to convince me one way or the other.