
not a holy war, but seeking reason behind superiority



Greetz misc,

Hope no one interprets my questions to be flamebait.

I have some coworkers who seem to be insistent that Red Hat Linux is the *nix
variant of choice for our company.  We've put it in use for about a dozen of our
database, web, dns, ftp, mail, proxy, and file servers in the company.  This
includes hosts in our DMZ.  The primary facet of the security model is a
well/tightly configured PIX firewall, and frequent security/vulnerability
scanning of systems.

I recently put in a proposal to set up and run an OBSD 3.0 server that would
provide ftp, tftp, radius, and www service for some of our net devices
(switches) internally.  I planned on configing PF to limit traffic to only 2
authorized vlans so as to restrict access from where it is needed, as well as
configuring the various services running on it to allow access to the right ppl
(through access control in daemons and user authentication).  The request was
*essentially* denied; based on reason that the security admin (of all ppl) had
no reason to believe that OBSD is any better suited for the job than RH Linux.

Now myself, I don't really know enough for a fact to show/"prove" to him the
info that he wants; that openbsd is more secure than Red Hat Linux; that openbsd
has anything more to offer us than Red Hat; that the security model I have come
up with will be sufficient to justify this server being put into use.

What "hard evidence" is at my disposal to show that in fact, obsd is superior to
Red Hat security-wise and can offer more to us than red hat in other areas?  I'm
familiar with the code auditing that occurs on software included in the default
install, as well as the 4-years-without-a-remote-hole record. I'd like more,
perhaps statistics, or whatever I can get.

If there are those of you that counsel your clients on which opensource OS to
choose and why it should be openbsd, I'd like to hear from you too.

many thanks in advance.
-- 
Darren Spruell