[Tfug] Multiple distros for security?

Tyler Nienhouse flakeparadigm at gmail.com
Thu Jan 22 21:49:37 MST 2009 

Agreed. As I have heard, OpenBSD is one of, if not the most, secure
operating system out there.

-Tyler


On Thu, Jan 22, 2009 at 21:44, Jordan Aberle <jordan.aberle at gmail.com>wrote:

> If you want a locked down secure server I would recommend openbsd,
> http://www.openbsd.org/
> They have only had two remote exploits in the last ten years, and even
> those never made it past proof of concept.
>
>
> -Jordan
>
>
> On Thu, Jan 22, 2009 at 8:40 PM, Matt Jacob <matt at mattjacob.com> wrote:
>
>> Hi everybody,
>>
>> An issue came up at work recently while discussing the architecture
>> for a new DNS server deployment. It was suggested that using different
>> distros (Debian, FreeBSD, and probably CentOS) across each DNS server
>> would provide greater security in the event of a 0-day exploit against
>> a particular distro. While I don't disagree with that thinking, an
>> obvious con is that maintenance will take longer, software versions
>> will be out of sync, and admins will be forced to manage systems
>> they're not comfortable with.
>>
>> The question, then, is whether there is enough merit in distro
>> diversification to outweigh the added complexity and management time.
>> My feeling is that proven distros such as Debian, CentOS, Fedora,
>> SUSE, etc. are secure enough to stand on their own, and I think we've
>> seen this verified in the wild. However, I can't forget about the
>> Debain OpenSSL vulnerability not so long ago that seems to disprove my
>> theory. On the other hand, attacks against a particular piece of
>> software would apply to any system (Apache, MySQL, PowerDNS, etc.).
>>
>> Alright, enough of me thinking out loud. Spark some discussion and try
>> to convince me one way or the other.
>>
>> Thanks!
>>
>> Matt
>>
>> _______________________________________________
>> Tucson Free Unix Group - tfug at tfug.org
>> Subscription Options:
>> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>>
>
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tfug.org/pipermail/tfug_tfug.org/attachments/20090122/dab81b8d/attachment-0002.html>

More information about the tfug mailing list