Re: not a holy war, but seeking reason behind superiority



Darren Spruell wrote:
> 
> Greetz misc,
> 
> Hope no one interprets my questions to be flamebait.
> 
> I have some coworkers who seem to be insistent that Red Hat Linux is the *nix
> variant of choice for our company.  We've put it in use for about a dozen of our
> database, web, dns, ftp, mail, proxy, and file servers in the company.  This
> includes hosts in our DMZ.  The primary facet of the security model is a
> well/tightly configured PIX firewall, and frequent security/vulnerability
> scanning of systems.
> 
> I recently put in a proposal to set up and run an OBSD 3.0 server that would
> provide ftp, tftp, radius, and www service for some of our net devices
> (switches) internally.  I planned on configing PF to limit traffic to only 2
> authorized vlans so as to restrict access from where it is needed, as well as
> configuring the various services running on it to allow access to the right ppl
> (through access control in daemons and user authentication).  The request was
> *essentially* denied; based on reason that the security admin (of all ppl) had
> no reason to believe that OBSD is any better suited for the job than RH Linux.
> 
> Now myself, I don't really know enough for a fact to show/"prove" to him the
> info that he wants; that openbsd is more secure than Red Hat Linux; that openbsd
> has anything more to offer us than Red Hat; that the security model I have come
> up with will be sufficient to justify this server being put into use.
> 
> What "hard evidence" is at my disposal to show that in fact, obsd is superior to
> Red Hat security-wise and can offer more to us than red hat in other areas?  I'm
> familiar with the code auditing that occurs on software included in the default
> install, as well as the 4-years-without-a-remote-hole record. I'd like more,
> perhaps statistics, or whatever I can get.
> 
> If there are those of you that counsel your clients on which opensource OS to
> choose and why it should be openbsd, I'd like to hear from you too.
> 
> many thanks in advance.
> --
> Darren Spruell

IIRC, Attrition.org keeps or kept statistics on what sorts of machines
have their webpages defaced, and things like that. 

-- 
for a in sdf.lonestar.org; do devnull@$a; done

Finger devnull@sdf.lonestar.org for PGP public key