General Linux security overview
 

I am preparing a paper to convince a library to start moving from Solaris to Linux. Linux security issues have been in the press for some time and it seems that some folks have turned toward Linux from Windows, the usual victim. I would like to show that Linux can be as secure as other Unix type systems with the application of good security practice.
Questions:
1. What are the major security threats to Linux?
2. How good have the major distributors been with regard to addressing known problems?
3. Could someone attempt to rate the major vendors on security?

Please keep in mind that I am working for a small University - budgets are limited and vulnerability to attacks are more likely.
dc

You might want to checkout Redhat's recent response to the Forrester Report (which is probably one of the "reports" on security issues that you've heard lately). It's got some interesting insights on anti-linux FUD and how people are manipulating the statistics to make their OS the best.

http://www.linuxworld.com.au/index.p...20;fp;2;fpid;1

Bear in mind as well that security is what you make it. Neither Linux nor Windows are secure by default. Both can be made pretty secure if the effort is put in to harden and patch them.

Personally, I think this is more important than how many days it takes this vendor or that vendor to produce a patch.

How many attacks (e.g. worms, viruses, crackers) an OS attracts is important too (Windows leads on the first two, maybe not on the third, but all that could change over time).

One factor you should consider is whether it will be easier for your Solaris admin people to learn Linux security rather than Windows security. I would think that it would be.