
Linux, Unix, and *nix like Operating Systems Forum

    
Is FreeBSD more *secureable* than Linux for servers? Why or why not?
Serious question -- not flamebait
stlouislouis

10+ Year Member



 
Msg#: 230 posted 5:14 pm on Aug 7, 2002 (gmt 0)

Is FreeBSD more secureable than Linux for webservers?
Why or why not?

I didn't list OpenBSD in the title because it's for single CPU systems only -- although I
guess if one load balanced some clustered servers, you could include that too to
compare. But basically, I'm wondering about BSD vs. Linux.

I know with Linux it depends on the distro -- so pick a good one to compare and/or
contrast to FreeBSD.

Basically, if a person wants a server that's easier to secure against crackers, which
should they choose and why? I know it depends on how the OS is configured on a
server, but given that, which is more *securable* by a non guru -- and why? Are there
any *definitive* step by step HOWTOs one can follow and have a very secure server
with either OS?

And just how long would it take for a newbie to *nix to learn what's needed to set up
and administer very secure webservers on the public internet? Months? Years? How
many? When will one know one is competent enough to *know* one's servers are as
uncrackable as they can be made?

No religious war post, please. Considered opinions -- especially based on
experience, please.

Thanks!

Louis

 

stlouislouis

10+ Year Member



 
Msg#: 230 posted 5:16 pm on Aug 7, 2002 (gmt 0)

To clarify, I'm asking about the following type servers:

For web, database and other type servers like a web hosting company would have
on the public internet where people could have websites -- including e-commerce.

So, Apache, PHP, Perl, MySQL, PostgreSQL, etc -- typical web host offered stuff. So
load would vary depending on what people upload and run on their sites.

Want to pick an OS that will minimize the possibility of being taken over by crackers
or spammers -- or just bad web hosting clients messing with other people's accounts
on a shared server.

I'm NOT a web host, but want to learn what I need to run a public webserver -- not sure
which OS to go with to minimize the security risk.

Moreover, is there a consensus out there that if a person picks a given OS and
follows a specific installation, configuration and administration scheme, that they can
be *very* certain their servers are secure on the public internet?

If not, that's fine. But what OS (and hardening script if there is a great one) will give
the biggest head start?

What I don't want to do is pick an OS, spend a lot of time learning it only to find out I
wasted time on one that's fatally flawed or much less *securable* than another OS I
could pick.

Thanks a million one and all,

Louis

martin

10+ Year Member



 
Msg#: 230 posted 11:45 pm on Aug 7, 2002 (gmt 0)

Well if you *really* want to learn it fast you can in several weeks, but that's really hard, trust me. You need to read things all the time, I learned how to do that in a couple of months.

If you don't have any Unix experience go with a fancy distribution first like RedHat, learn how to compile stuff and how the system works and then try Slackware or Debian.

If you want the best uptime I think Netcraft got the answer:
[uptime.netcraft.com ]

Most of today's OS's use TCP/IP code developed at UC Berkeley and FreeBSD is definitely a leader in networking but the guys at GNU really can code - they caught up very fast and in some aspects are ahead of the BSDs already.

bird

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 230 posted 12:24 am on Aug 8, 2002 (gmt 0)

>which is more *securable* by a non guru

Such a thing doesn't exist. If you want to run a secure system, then you need to know what you're doing, or learn it.

>Are there any *definitive* step by step HOWTOs one can follow and have a very secure server with either OS?

The central concept of a secure system is that it only runs those services that it really needs for its intended purpose. Then look at those that you do need, and try to configure them as restrictively as possible, and stay on top of the latest security patches.

>When will one know one is competent enough to *know* one's servers are as uncrackable as they can be made?

If you're good, then you'll know when you're there. If not, then you'd better not try... ;)

>which OS to go with to minimize the security risk.

Many hosting companies chose FreeBSD, because its networking code is particularly solid. It is also often named as being stronger in security questions. The main reason for this is that the development proceeds a lot slower than with Linux, which means that bugs tend to get found earlier (relatively speaking) in each release cycle. Even with this being the case, security aware hosters tend to stay one or two releases behind the cutting edge, in order to profit from the post-release bug fixes as well.

But apart from actual bugs, any system can only be as secure as the maintainer understands it. If you have no unix experience at all, then I'd assume that you'll need at least a year until you're reasonably fluent to understand all the potential problems. The same (or worse) would be true if you were switching from unix to Windows, of course.

>What I don't want to do is pick an OS, spend a lot of time learning it only to find out I wasted time

The nice thing about unix based systems is that you don't need to relearn everything when you move on to another one. FreeBSD and Linux are a lot more similar to each other than any two Windows versions.
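
The rule stated in the post above (run only the services the server needs, and configure those restrictively) can be checked mechanically on either OS. This is an added example, not part of the thread: it audits listening TCP sockets from Linux `ss -tln` or FreeBSD `sockstat -4l` output against an allowlist. The allowlist, the loopback-only rule for databases and both sample outputs are constructed assumptions.

```python
# Assumed allowlist: SSH plus the stack named in the thread (Apache, MySQL, PostgreSQL).
ALLOWED_PORTS = {22: "sshd", 80: "httpd", 443: "httpd", 3306: "mysqld", 5432: "postgres"}
LOOPBACK_ONLY = {3306, 5432}  # assumption: databases only serve web apps on the same host
UNNEEDED = "not on allowlist: disable the service"
EXPOSED = "needed, but should listen on loopback only"

# Constructed sample of Linux `ss -tln` output.
SS_SAMPLE = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:80          0.0.0.0:*
LISTEN  0       80      0.0.0.0:3306        0.0.0.0:*
LISTEN  0       5       0.0.0.0:23          0.0.0.0:*
LISTEN  0       128     127.0.0.1:5432      0.0.0.0:*
"""

# Constructed sample of FreeBSD `sockstat -4l` output.
SOCKSTAT_SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       612   4  tcp4   *:22                  *:*
www      httpd      701   3  tcp4   *:80                  *:*
root     inetd      540   5  tcp4   *:21                  *:*
mysql    mysqld     688   10 tcp4   127.0.0.1:3306        *:*
"""

def parse_listeners(text, fmt):
    """Return sorted (address, port) pairs for TCP listeners; fmt is 'ss' or 'sockstat'."""
    col = {"ss": 3, "sockstat": 5}[fmt]  # column holding the local address
    found = set()
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) > col and (
                fields[0] == "LISTEN" if fmt == "ss" else fields[4].startswith("tcp")):
            addr, _, port = fields[col].rpartition(":")
            if port.isdigit():
                found.add((addr, int(port)))
    return sorted(found)

def audit(listeners):
    """Flag listeners that are not needed, or needed but reachable from the network."""
    findings = []
    for addr, port in listeners:
        if port not in ALLOWED_PORTS:
            findings.append((port, UNNEEDED))
        elif port in LOOPBACK_ONLY and addr not in ("127.0.0.1", "::1", "[::1]"):
            findings.append((port, EXPOSED))
    return findings

if __name__ == "__main__":
    print(audit(parse_listeners(SS_SAMPLE, "ss")), audit(parse_listeners(SOCKSTAT_SAMPLE, "sockstat")))
```

On a live host, feed the functions the real command output instead of the samples and rerun the audit after each package install or upgrade.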

martin

10+ Year Member



 
Msg#: 230 posted 11:46 pm on Aug 8, 2002 (gmt 0)

To make it clear, FreeBSD is more secure out of the box - yet it is harder to configure. You generally would want to first start with Linux.

bcc1234

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 230 posted 9:03 pm on Aug 11, 2002 (gmt 0)

Actually, I would say FreeBSD is easier to configure.
But as far as security - they are the same. It all depends on the configuration.
Both kernels are good and the userland apps are mostly the same for Linux and FreeBSD. Therefore, if there is a security risk - it's most likely in the application and not in the OS.

FreeBSD is more centralized and thus offers less choices in how the things can be done (and that's a good thing for a newbie).

Both Linux and FreeBSD suck in SMP compared to Windows, Solaris and AIX.
They also suck with threads compared to Windows.

If you are going to be using a box with 4+ processors - forget FreeBSD. More than 8 - forget Linux.

martin

10+ Year Member



 
Msg#: 230 posted 12:18 am on Aug 12, 2002 (gmt 0)

>Actually, I would say FreeBSD is easier to configure.

Probably your opinion is influenced by the fact that it is simpler than Linux, but I think Linux (most distributions) comes with a more usable setup, IMHO.

>FreeBSD is more centralized and thus offers less choices in how the things can be done (and that's a good thing for a newbie).

I even first look at some NetBSD docs when I need to do something on Linux, many Linux docs exist - most say the same things and they are not so organised.

>Both Linux and FreeBSD suck in SMP compared to Windows, Solaris and AIX. They also suck with threads compared to Windows.

You must be kidding. Yes, commercial Unices are really great at SMP, but to state that Windoze is better is a stretch. Linux didn't have good SMP several years ago; you have probably read some old reviews.

bcc1234

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 230 posted 1:52 am on Aug 12, 2002 (gmt 0)

Using words like Windoze or M$ etc really shows bias.

Nice talking to you, but I'm out of this thread. Don't feel like flaming.

martin

10+ Year Member



 
Msg#: 230 posted 2:06 am on Aug 12, 2002 (gmt 0)

>Using words like Windoze or M$ etc really shows bias.

I won't post anything more on this but to make it clear: what's good SMP for if you need to restart your computer every few hours?
