LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 04-29-2010, 10:02 AM   #1
titosantana
LQ Newbie
 
Registered: Apr 2010
Posts: 3

Rep: Reputation: 0
How is Linux More secure than windows?


I had windows server running a couple of web sites. I always worried about been hacked. When review the security logs I would see some crazy number indicating the type of logon attempt. So I switched to Linux (opensuse 11.2). Now that I look for info on how to secure my server is even more scary because everybody talks about security, ssh (or something like that), root kits, etc. How is Linux more secure than windows?

Another point is that windows installed all the gui needed for us to admin the server quick and easy while linux recommend the console line server because anything else is security risk. How linux is more secure?

Ok. There must be an answer to all this because I think it is my poor knowledge about how linux is secure at the end.

This is my question:

internet - router/firewall (forwarding port 80 only) - linux server (default firewall - default settings).
Based on this: would I worry about security on other ports? ex. ssh 22?
How can someone use port 22 if my router/firewall blocks it?

If can someone give a bit of explanation on how this works I would appreciatted very much. I am looking for books for opensuse 11.2 nothing but there are thousands for Ubuntu. Is any version of linux better than the other?

Thanks
 
Old 04-29-2010, 10:37 AM   #2
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
Any system is only as secure as the weakest link in its security chain, typically passwords or outdated versions of daemons/applications, etc. Your windows system can be more secure than a linux system or the linux system can be more secure than the windows system, it depends on a lot of factors. That being said, if people didn't talk about security would it make it any less important? For instance, if Joe has a contagious disease and John has a contagious disease and Joe never mentions it and John talks about methods transmission can be prevented preventing... which is safer?

Root kits exist in both windows and linux, a root kit is something that hides itself from the operating system by hooking into the kernel or replacing programs used to detect it. While often times not directly harmful themselves, they often have secondary programs like trojans or backdoors to let people remotely control and access your system.

A simple rule of thumb is... the more applications, daemons, and complexity-- the higher chance of there being a critical flaw that is a security vulnerability. GUI's are amazingly complex and huge intertwined masses of applications to present an interface to the user and common APIs to programs which need to interact. An easier way to state this is-- "That which isn't installed can't be exploited."

As far as firewalls go, they're great and it's good you're only forwarding over necessary ports. Do you have other machines behind the firewall? Are you sure those machines can never be compromised? What happens if someone compromises another machine behind the firewall and then attempts to compromise the secure web server...? That's why you want the secondary firewall, completely necessary? probably not... useful for minimizing damages in the event of another host being compromised? Absolutely.

Security isn't a simple black and white, it's a multi-layered, complex and demanding discipline regardless of operating system and it's not a discipline that can guarantee safety no matter how well its done, its just a matter of getting to the minimalistic risk possible given your specific situation.

The best distribution is a matter of contention, I would put forward though that minimalistic installs of CentOS/Redhat, Debian, Slackware, SuSE, and FreeBSD (not linux) are all near the top of the list of top 10 best server operating system installation candidates. My personal preference is Debian (netinstall) followed by CentOS followed by Slackware.

Is linux more secure than windows? Given comparable levels of expertise, yes. It was designed as a multi-user operating system with security from the ground up not added in as an after thought later, so it's design is more conducive to being secure provided the administrator is competent.

Last edited by rweaver; 04-29-2010 at 10:39 AM.
 
Old 04-29-2010, 11:27 AM   #3
titosantana
LQ Newbie
 
Registered: Apr 2010
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks rweaver for your quick response. I have to agree in that at the end is how we admin the computer what makes the server secure. and this is my problem. I am not an expert on server administration and I need to understand how it is possible to someone to request a service on any port if the router/firewall has closed that port.

internet -> opensuse server = I would worry
internet -> router/firewall -> opensuse server = is this secure?

my understanding is that if the firewall has the port closed then there is no way to access any machine on that port. Is this true? I so then is this secure?

Honestly I would give only 2 reasons I switched to Linux
1. Cost
2. I read linux would not ask for reboot for longer times

I am still looking for info to change my mind because I find something interesting about linux.
 
Old 04-30-2010, 12:28 PM   #4
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
They can't request through firewall to a port that isn't open, but if they get in behind the firewall on say another host they would have no difficulty.

Last edited by rweaver; 04-30-2010 at 03:59 PM. Reason: is=isn't
 
Old 04-30-2010, 03:56 PM   #5
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,785
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
Quote:
internet -> opensuse server = I would worry
internet -> router/firewall -> opensuse server = is this secure?
You're thinking firewall=security and that isn't a good idea. For example, if all you have running on the server is Apache, then assuming that the Internet can reach Apache in both scenarios, security is exactly the same. However, if the Apache version on yoru firewalled machine is old and unpatched, then the firewalled machine is actually less secure than the one with an updated version of Apache.

Think of it this way, firewalls only protect the ports that they are blocking. Any port allowed access through the firewall is only as secure as the software listening on that port.

Really what you want to be doing is looking at how the server is exposed to the Internet, and what services will be accessed over the Internet. Then you can look at what security measures, in addition to a firewall, need to be implemented. Security isn't a piece of software you run, it is the overall approach to how you deploy and manage your machines. Do you have a plan to keep the server patched and up to date? Do you have a plan to detect intrusions in case one should occur? Do you have a plan to figure out how someone gains unauthorized access? Do you need a backup server in case you have to take one down? Do you have multiple backups?
 
1 members found this post helpful.
Old 04-30-2010, 04:00 PM   #6
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
Excellent advice.
 
Old 04-30-2010, 04:48 PM   #7
johnsfine
Guru
 
Registered: Dec 2007
Distribution: Centos
Posts: 5,083

Rep: Reputation: 1110Reputation: 1110Reputation: 1110Reputation: 1110Reputation: 1110Reputation: 1110Reputation: 1110Reputation: 1110Reputation: 1110
Quote:
Originally Posted by rweaver View Post
Any system is only as secure as the weakest link in its security chain, typically passwords or outdated versions of daemons/applications, etc.
First, the weakest link in the security chain is not one of the things you mentioned, it is that problem component between the keyboard and the chair.

Second, a system subject to serious attack is only as secure as the weakest link in its security chain. But a typical Linux system is more secure than the weakest link in its security chain, because a variety of factors keep a lot of the potentially serious attacks from ever getting there.

There are some fundamental security advantages to Linux, so that operated with the same competence and attacked with the same severity, a Linux system should be somewhat more secure.

Linux also has some advantages influencing the security competence of the operator. For any level of effort and knowledge, Linux makes it easier to understand security issues and more likely to make better security decisions. A Linux user with insignificant effort and knowledge regarding security might make horrible security errors. But a Windows user with that same level of effort and knowledge would make worse errors. A Windows guru paying a lot of attention to security might do a near perfect job, but a Linux guru paying the same level attention would hit nearer perfect.

But the big differences are the secondary differences. An un-inoculated child in a classroom of un-inoculated children is at serious risk of whatever disease we're talking about. An un-inoculated child in a classroom of inoculated children is pretty safe. That kind of effect is compounded to a much higher level in the Linux vs. Windows security issue. The following factors all multiply together and support each other:

People writing malware want to choose the biggest target.
The number of infected computers forwarding the malware.
The range of OS install/configure choices complicating the malware's ability to target specific flaws.
The relative fraction of other systems that are operated by careful intelligent people (forming that inoculated classroom) that won't forward any malware.

Each of those would make Linux effectively more secure even if it weren't inherently more secure. The inherently more secure is just one more item compounding all those moderate size factors into the overwhelmingly more secure that people actually experience.

That weakest link is sitting logged in on an admin account with rights over an entire network reading his personal email when a message causes malware to open in his default browser in a way that takes over control of the whole network. Why did this story happen in Windows, not in Linux?

1) Because fewer Linux people are foolish enough to use the same account to read their personal email that they use to administer a network?
2) Because Linux (at least KDE) makes it so easy to have sessions or parts of sessions open in different accounts (compared to Windows) that the effort level of being that careful is tiny?
3) Because the author of the malware targeted a specific flaw in IE and when the attack went to FireFox it missed its target.

1 and 2 are very nice. But 3 did the job.

When Linux becomes as popular (to users or to attackers) as Windows, item 1 will be a lot more important, and we'll also need to mention how many people looked at the FireFox source code to help make it more secure, and how many distributions recompiled the FireFox source code with a different compiler version accidentally moving some of the trickier malware targets to random other places in the binary, etc. But until then, item 3 actually did the job.

Last edited by johnsfine; 04-30-2010 at 05:06 PM.
 
Old 04-30-2010, 04:50 PM   #8
fbsduser
Member
 
Registered: Oct 2009
Distribution: Hackintosh, SlackWare
Posts: 266

Rep: Reputation: 30
My top recommendation for secure OS is OpenBSD. It's quite dificult to install and maintain, but it's the most secure of them all (only two exploits found in the base package set since the first release of OpenBSD).
 
Old 04-30-2010, 04:56 PM   #9
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
To paraphrase a popular meme-- unusable security is unusable. That being said, openbsd isn't that bad, just any bsd in general is a bit harder than linux in general and with the xtra hoops for openbsd even more so.
 
Old 04-30-2010, 07:35 PM   #10
choogendyk
Senior Member
 
Registered: Aug 2007
Location: Massachusetts, USA
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,189

Rep: Reputation: 105Reputation: 105
Quote:
Originally Posted by rweaver View Post
To paraphrase a popular meme-- unusable security is unusable. That being said, openbsd isn't that bad, just any bsd in general is a bit harder than linux in general and with the xtra hoops for openbsd even more so.
All our filtering bridges, NAT boxes, etc. are OpenBSD. My desktop machines are all based on OpenBSD (Mac OS X, that is). That said, as we replace the network boxes, we are moving to Linux with IPTables, partly because of the broader familiarity among the sysadmins, and partly because Linux has made a lot of improvement in the last several years on the security front. We're using Ubuntu server edition LTS.
 
Old 05-03-2010, 08:17 AM   #11
titosantana
LQ Newbie
 
Registered: Apr 2010
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks to
rweaver
Hangdog42
johnsfine
fbsduser
choogendyk

I am going with opensuse and I will read all security doc which is almos 400 pages. guauuu. But i guess it is going to be worth as I will learn more about the OS.

Thanks again for sharing your knowlege.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux more secure than windows Chayann Dutta Linux - Security 33 07-20-2006 06:32 AM
Is Linux Truly More Secure than Windows? Nukem General 18 09-24-2004 08:54 AM
Linux vs windows? which is more secure? giovannym Linux - Security 5 08-05-2004 09:14 PM
Windows vs Linux, which is more secure? giovannym Linux - Newbie 5 08-05-2004 03:12 PM
Windows more secure than linux? Kage Linux - Security 7 02-12-2002 06:51 AM


All times are GMT -5. The time now is 02:44 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration