Focus on Linux
Red Hat vs Debian Linux: overall security Nov 27 2006 05:44PM
tjanas austin rr com (7 replies)
Re: Red Hat vs Debian Linux: overall security Nov 30 2006 12:19AM
jm (jm hcn com au)
Re: Red Hat vs Debian Linux: overall security Nov 29 2006 10:04PM
Uday K. MOORJANI (umoorjani mediaserv net)
RE: Red Hat vs Debian Linux: overall security Nov 28 2006 08:50PM
terry (tvernon24 comcast net)
Re: Red Hat vs Debian Linux: overall security Nov 28 2006 06:18PM
Cristobal Palmer (cristobalpalmer gmail com)
Re: Red Hat vs Debian Linux: overall security Nov 28 2006 06:15PM
Syv Ritch (syv 911networks com)
On 27 Nov 2006 17:44:30 -0000
tjanas (at) austin.rr (dot) com [email concealed] wrote:

> I am evaluating the overall security of Red Hat linux vs Debian.
> I've been told that Debian has many more vulnerabilities than Red
> Hat. I've also been told that Red Hat is quicker to release
> security patches than Debian is for the "stable" release. Can
> someone point me to a good overall assessment of the two? Using
> this tool: www.securityfocus.com/bid I see that Debian has 17
> pages worth of issues but Red Hat has surprisingly few. Am I
> misinterpreting the results from this tool?

Most of the security problems do not come from the OS but from the
poor/bad configurations [translation the system administrator]. Most
of the security bugs in OSes [including MS] are dangerous because of
the bad configurations. Even W2k3 is a very secured OS once it's
properly configured, same from RH and for Debian and it's variants
[as you can see from my headers, I am using Ubuntu].

Questions to ask:
* Will this be in the wild? On the Internet? On a closed network?
* What kind of application? Proprietary/custom or well known.
* What kind of users? Will the users access them or will the
application access them?
* Networking? VLANs, Private Vlans, routing, network design... Do I
hear arp and proxy-arp? Layer 2 security, Layer 3 security.
* Where do the threats come from? [internal users or Internet]
...

I run both RHEL and Ubuntu as servers and both have stood very
well under the regular attacks. Most of them are from script
kiddies, and so far [touching wood as I gloat] RH and Ubuntu have
withstood the hundreds of daily attacks. I even still use one
RedHat9 server that we can't upgrade because of the custom
application does not run under 2.6. When will the owners of the
business come up with the cash for a re-write is still unknown.

--
Thanks
http://www.911networks.com
When the network has to work

[ reply ]
Re: Red Hat vs Debian Linux: overall security Nov 28 2006 06:09PM
Vincent Renardias (vincent renardias com)
Re: Red Hat vs Debian Linux: overall security Nov 28 2006 06:06PM
Graeme Fowler (G E Fowler lboro ac uk) (1 replies)
Re: Red Hat vs Debian Linux: overall security Nov 29 2006 08:00PM
Alex Nordstrom (lx se linux org)


 

Privacy Statement
Copyright 2010, SecurityFocus