RE: [Full-Disclosure] M$ Getting Better?
From: Todd Burroughs (full-d_at_parsec.net)
Date: 06/22/04
- Previous message: Konstantin V. Gavrilenko: "[Full-Disclosure] Wireless Modem (BT Voyager 2000 Wireless ADSL Router cleartext password)"
- In reply to: marklist_at_comcast.net: "RE: [Full-Disclosure] M$ Getting Better?"
- Next in thread: joe: "RE: [Full-Disclosure] M$ Getting Better?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: marklist@comcast.net Date: Tue, 22 Jun 2004 03:12:42 -0400 (EDT)
> I for one, DO have experience in both Windows and Unix system administration, and everyone of our internet facing machines is running Linux. Why? Because for me they are easier to secure. I can turn off any services that I don't need, I have a fully-functional firewall on every box, and I don't have to reboot once a month to stay secure(all updates are currently automated, only kernel vulns need a reboot).
From my experiance, we reboot our Windows servers daily or more often
just to keep them running. (They are very busy) It's a given that we
have to reboot when doing updates. We don't usually have to reboot to
do updates with Linux or *BSD, unless we replace the kernel or libc,
which is much more rare. (ok, Linux kernel has been bad lately ;-)
Basically, we run a bunch of load balanced Linux boxes and they don't
get rebooted much, except that we've designed and implemented a system to
install them automatically, so we reboot them for security updates because
it's easier (re-installs everything that is different), but then they
basically reinstall themselves. It's simple, we don't have the unique
binary registry to deal with, just the config files that are common to
all similar servers. This is not possible with Windows as far as I know.
(I know there's some third party stuff that might make it work, but it's
$$$ and probably second rate software)
On our Windows side, we have two servers to handle each group of users
(websites). Our load balancers failover to one or the other. Each of
these handles a max of 1000 domains. The Linux servers have over 100,000
domains each and balance among a lot of servers. This is not possible
with Windows (maybe by paying a *lot* of money it is, I don't know)
We have not figured out how to make a Windows box install and come up
serving web/mail with no human intervention, but we do that with all of
our Linux boxes. When we lose a hard drive on a blade server, we replace
it and turn it on, it installs and comes up doing mail/web or whatever.
We also do not have any Windows boxes directly facing the Internet,
it's too dangerous. They're all hidden behind firewalls, etc. We have
hundreds of Linux and FreeBSD boxes directly on the 'net though. It's a
pain to keep them safe, but it's not hard compared to Windows.
Sorry, but the MS system is not secure and not easy to secure or
administer on a large scale. I prefer Linux and don't particularly like
MS, but I use whatever makes sense. I'm not a "fanboy" for anything.
Todd
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Konstantin V. Gavrilenko: "[Full-Disclosure] Wireless Modem (BT Voyager 2000 Wireless ADSL Router cleartext password)"
- In reply to: marklist_at_comcast.net: "RE: [Full-Disclosure] M$ Getting Better?"
- Next in thread: joe: "RE: [Full-Disclosure] M$ Getting Better?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
