Re: Red Hat vs Debian Linux: overall security

---

• From: Syv Ritch <syv@xxxxxxxxxxxxxxx>
• Date: Tue, 28 Nov 2006 10:15:27 -0800

---

On 27 Nov 2006 17:44:30 -0000
tjanas@xxxxxxxxxxxxx wrote:

I am evaluating the overall security of Red Hat linux vs Debian.
I've been told that Debian has many more vulnerabilities than Red
Hat. I've also been told that Red Hat is quicker to release
security patches than Debian is for the "stable" release. Can
someone point me to a good overall assessment of the two? Using
this tool: www.securityfocus.com/bid I see that Debian has 17
pages worth of issues but Red Hat has surprisingly few. Am I
misinterpreting the results from this tool?

Most of the security problems do not come from the OS but from the
poor/bad configurations [translation the system administrator]. Most
of the security bugs in OSes [including MS] are dangerous because of
the bad configurations. Even W2k3 is a very secured OS once it's
properly configured, same from RH and for Debian and it's variants
[as you can see from my headers, I am using Ubuntu].

Questions to ask:
* Will this be in the wild? On the Internet? On a closed network?
* What kind of application? Proprietary/custom or well known.
* What kind of users? Will the users access them or will the
application access them?
* Networking? VLANs, Private Vlans, routing, network design... Do I
hear arp and proxy-arp? Layer 2 security, Layer 3 security.
* Where do the threats come from? [internal users or Internet]
...

I run both RHEL and Ubuntu as servers and both have stood very
well under the regular attacks. Most of them are from script
kiddies, and so far [touching wood as I gloat] RH and Ubuntu have
withstood the hundreds of daily attacks. I even still use one
RedHat9 server that we can't upgrade because of the custom
application does not run under 2.6. When will the owners of the
business come up with the cash for a re-write is still unknown.

--
Thanks
http://www.911networks.com
When the network has to work

---

• References:
  • Red Hat vs Debian Linux: overall security
    • From: tjanas

• Prev by Date: Re: Red Hat vs Debian Linux: overall security
• Next by Date: RE: Portsentry and Snort Question
• Previous by thread: Re: Red Hat vs Debian Linux: overall security
• Next by thread: Re: Red Hat vs Debian Linux: overall security
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Red Hat vs Debian Linux: overall security ... runs on the machine anyway so the whole "which distro is more secure" point ... I am evaluating the overall security of Red Hat linux vs Debian. ... (Focus-Linux) Networking doesnt work after remote install ... The server is currently running a version of Red Hat. ... I've gotten to the point where the core Debian files/kernel are installed, ... but when I restart into Debian, the network won't come up. ... (comp.os.linux.networking) SecurityFocus Microsoft Newsletter #50 ... Subject: SecurityFocus Microsoft Newsletter #50 ... Specialist in Microsoft's Security Services Partner Program, ... Network Monitoring for Intrusion Detection ... Relevant URL: ... (Focus-Microsoft) << SBS News of the week - Sept 26 >> ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ... (microsoft.public.backoffice.smallbiz) << SBS News of the week - Sept 26 >> ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ... (microsoft.public.backoffice.smallbiz2000)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-linux  > 2006-11