Security Basics mailing list archives

Re: Linux (in)security

From: Peter Busser <peter () trusteddebian org>
Date: Thu, 7 Aug 2003 09:12:20 +0200

Hello,

I would thanks information about security in Linux:

1. Securing a linux server (specially Redhat). Installing and administering
a linux server in a secure form


There are tons of howto's, books and what not about how to lower the
vulnerability of Linux machines. All these advises boil down to removing
functionality from your system. Either by shutting down network services or
by removing programs from your system.

2. Why is linux more secure than windows


It depends on your viewpoint which one is more secure. You could argue that
MS-Windows is more secure, because it got an Common Criteria AEL4
certification, whereas SuSE Linux only got AEL2+ (and perhaps AEL3+ in the
future (bigger is better in this context)). But this is mostly security on
paper.

I think that for the most part the Linux as shipped by the large distribution
makers and MS-Windows are comparable. The difference is IMHO that Microsoft
made some design decisions to make their systems more ``user friendly'' at the
expense of security (Outlook Express, the well-known virus replicator being a
good example for this). MS-Windows/NT has probably more security mechanisms
like ACLs and IPSEC built-in, than most Linux distributions. But I don't know
enough about MS-Windows to say for sure.

One way in which some (though not all) Linux distributions have an advantage
over MS-Windows is updatability (especially Debian is really good at that).
And Linux admins are generally more knowledgable, which is also very important,
because most security problems are caused by human errors.

3. Securying Squid


You should really read the Squid documentation, including the FAQ. One thing
that is useful (if you run Squid on a gateway), that is to configure Squid to
only listen on the IP address of your internal network interface. This makes it
harder for outsiders to connect to your Squid proxy.

Groetjes,
Peter Busser
-- 
The Adamantix Project
Taking trustworthy software out of the labs, and into the real world
http://www.adamantix.org/

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Linux security John Jairo Florez Torres (Aug 06)
- Re: Linux (in)security Peter Busser (Aug 07)
- Re: Linux security Devdas Bhagat (Aug 07)
- Re: Linux security vincent (Aug 08)
  - RE: Linux security Paul Farag (Aug 08)