On Thu, Jan 06, 2005 at 01:57:24PM +1300, Mike Tierney wrote:
Allen wrote:
You're on a SUSE list standing up for OpenBSD.
So what? There's absolutely nothing wrong with that.
Very true! Infact it's possibly a bad idea to "stick all of your eggs in one basket" and have a 100% homogenous OS environment. For example, even though we're migrating all of our servers to SuSE SLES, it might be a good idea to have our Firewall running [open|net]BSD.
Why?? Whats wrong with a SLES firewall?? Well if there *did* ever happened to be an exploit that affected the Linux TCP/IP stack, then people might (possibly) be able run rampant across your network! However if you had a different OS for your firewall, then that would add an extra layer of network security. Possibly. Who knows!
If you like it so much tell them on their list.
Hell, maybe *BSD is more secure by default. SLES 9's default sshd_config isn't ideal, that's for sure! (I think it had "PasswordAuthentication no" but then it also had "UsePAM yes" as well... which OVERRIDES the first setting!!! End result... it still allows PasswordAuthentication unless you reconfigure PAM or set it to "UsePAM no"!).
Um, NO, BSD is NOT more secure than SUSE. SUSE lets you install, then update all patches BEFORE it's even been booted for the first time. That alone gives it a HUGE advantage over BSD. Open BSD might have everything turned off but the only people who gain anything from that are VERY lazy admins. Home users who don't know how to edit configs wouldn't use it to begin with. SUSE has a good firewall front end for IPtables, it updates before booting and X is even not listening by default and you can shut down other services before it boots as well. Put this in the hands of someone who isn't a complete moron and you have a very secure box. SSH by default.... Ummm, I needed to log in before it let me in, what are you talking about?
SuSE is great. *BSD's are all great. None of them are perfect, so there's no harm in comparing them.
I wrote docs for Free BSD, I knwo it's great, but not more secure than SUSE. Let it be known any OS can be made secure. Including DOS. think about it, one user, one task, well, be the one user doing the one task and it can no longer handle anymore applications. You would of course need a custom app to take the risk of more threads being created so someone COULD hack into it, but it can be done.
Cheers Mike
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here