LinuxQuestions.org


titosantana 04-29-2010 10:02 AM

How is Linux More secure than windows?
 
I had Windows server running a couple of web sites. I always worried about being hacked. When reviewing the security logs I would see some crazy number indicating the type of logon attempt. So I switched to Linux (opensuse 11.2). Now that I look for info on how to secure my server, it is even more scary because everybody talks about security, ssh (or something like that), root kits, etc. How is Linux more secure than Windows?

Another point is that Windows installed all the GUI needed for us to admin the server quick and easy, while Linux recommends the console line server because anything else is a security risk. How is Linux more secure?

Ok. There must be an answer to all this because I think it is my poor knowledge about how linux is secure at the end.

This is my question:

internet - router/firewall (forwarding port 80 only) - linux server (default firewall - default settings).
Based on this: would I worry about security on other ports? ex. ssh 22?
How can someone use port 22 if my router/firewall blocks it?

If someone can give a bit of explanation on how this works I would appreciate it very much. I am looking for books for opensuse 11.2, nothing, but there are thousands for Ubuntu. Is any version of Linux better than the other?

Thanks

rweaver 04-29-2010 10:37 AM

Any system is only as secure as the weakest link in its security chain, typically passwords or outdated versions of daemons/applications, etc. Your windows system can be more secure than a linux system or the linux system can be more secure than the windows system, it depends on a lot of factors. That being said, if people didn't talk about security would it make it any less important? For instance, if Joe has a contagious disease and John has a contagious disease and Joe never mentions it and John talks about methods by which transmission can be prevented... which is safer?

Root kits exist in both windows and linux, a root kit is something that hides itself from the operating system by hooking into the kernel or replacing programs used to detect it. While often times not directly harmful themselves, they often have secondary programs like trojans or backdoors to let people remotely control and access your system.

A simple rule of thumb is... the more applications, daemons, and complexity, the higher the chance of there being a critical flaw that is a security vulnerability. GUIs are amazingly complex and huge intertwined masses of applications to present an interface to the user and common APIs to programs which need to interact. An easier way to state this is: "That which isn't installed can't be exploited."

As far as firewalls go, they're great and it's good you're only forwarding over necessary ports. Do you have other machines behind the firewall? Are you sure those machines can never be compromised? What happens if someone compromises another machine behind the firewall and then attempts to compromise the secure web server...? That's why you want the secondary firewall. Completely necessary? Probably not... Useful for minimizing damages in the event of another host being compromised? Absolutely.

Security isn't a simple black and white, it's a multi-layered, complex and demanding discipline regardless of operating system and it's not a discipline that can guarantee safety no matter how well it's done, it's just a matter of getting to the minimalistic risk possible given your specific situation.

The best distribution is a matter of contention, I would put forward though that minimalistic installs of CentOS/Redhat, Debian, Slackware, SuSE, and FreeBSD (not linux) are all near the top of the list of top 10 best server operating system installation candidates. My personal preference is Debian (netinstall) followed by CentOS followed by Slackware.

Is linux more secure than windows? Given comparable levels of expertise, yes. It was designed as a multi-user operating system with security from the ground up, not added in as an afterthought later, so its design is more conducive to being secure provided the administrator is competent.

titosantana 04-29-2010 11:27 AM

Thanks rweaver for your quick response. I have to agree that in the end it is how we admin the computer that makes the server secure, and this is my problem. I am not an expert on server administration and I need to understand how it is possible for someone to request a service on any port if the router/firewall has closed that port.

internet -> opensuse server = I would worry
internet -> router/firewall -> opensuse server = is this secure?

My understanding is that if the firewall has the port closed then there is no way to access any machine on that port. Is this true? If so, then is this secure?

Honestly I would give only 2 reasons I switched to Linux
1. Cost
2. I read linux would not ask for reboot for longer times

I am still looking for info to change my mind because I find something interesting about linux.

rweaver 04-30-2010 12:28 PM

They can't request through the firewall to a port that isn't open, but if they get in behind the firewall on say another host they would have no difficulty.

Hangdog42 04-30-2010 03:56 PM

Quote:

internet -> opensuse server = I would worry
internet -> router/firewall -> opensuse server = is this secure?

You're thinking firewall=security and that isn't a good idea. For example, if all you have running on the server is Apache, then assuming that the Internet can reach Apache in both scenarios, security is exactly the same. However, if the Apache version on your firewalled machine is old and unpatched, then the firewalled machine is actually less secure than the one with an updated version of Apache.

Think of it this way, firewalls only protect the ports that they are blocking. Any port allowed access through the firewall is only as secure as the software listening on that port.

Really what you want to be doing is looking at how the server is exposed to the Internet, and what services will be accessed over the Internet. Then you can look at what security measures, in addition to a firewall, need to be implemented. Security isn't a piece of software you run, it is the overall approach to how you deploy and manage your machines. Do you have a plan to keep the server patched and up to date? Do you have a plan to detect intrusions in case one should occur? Do you have a plan to figure out how someone gains unauthorized access? Do you need a backup server in case you have to take one down? Do you have multiple backups?
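The exposure review described in the posts above, as an added example that is not part of the original thread: it sorts listening TCP sockets from `ss -tlnH` output by who can reach them, given the ports the router forwards. The sample output, the address 192.168.1.10 and the function names are constructed for illustration.

```python
# Constructed sample of `ss -tlnH` output (not taken from the thread).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 50 192.168.1.10:3306 0.0.0.0:*
"""

FORWARDED = {80}  # ports the router forwards, as in the thread's setup


def parse_listeners(ss_text):
    """Return sorted unique (address, port) pairs from `ss -tlnH` lines."""
    found = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip headers, blank lines and non-listening states
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            found.add((addr.strip("[]"), int(port)))
    return sorted(found)


def is_loopback(addr):
    return addr == "::1" or addr.startswith("127.")


def classify(ss_text, forwarded):
    """Group listening ports by the widest audience that can reach them."""
    report = {"internet": set(), "lan": set(), "local": set()}
    for addr, port in parse_listeners(ss_text):
        if is_loopback(addr):
            report["local"].add(port)      # only processes on this host
        elif port in forwarded:
            report["internet"].add(port)   # as secure as the daemon behind it
        else:
            report["lan"].add(port)        # any host behind the router
    return {zone: sorted(ports) for zone, ports in report.items()}


if __name__ == "__main__":
    for zone, ports in classify(SAMPLE_SS, FORWARDED).items():
        print(f"{zone:9s} {ports}")
```

Ports in the `lan` group are the ones a second, host-level firewall would cover if another machine behind the router were compromised.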

rweaver 04-30-2010 04:00 PM

Excellent advice.

johnsfine 04-30-2010 04:48 PM

Quote:

Originally Posted by rweaver (Post 3951987)
Any system is only as secure as the weakest link in its security chain, typically passwords or outdated versions of daemons/applications, etc.

First, the weakest link in the security chain is not one of the things you mentioned, it is that problem component between the keyboard and the chair.

Second, a system subject to serious attack is only as secure as the weakest link in its security chain. But a typical Linux system is more secure than the weakest link in its security chain, because a variety of factors keep a lot of the potentially serious attacks from ever getting there.

There are some fundamental security advantages to Linux, so that operated with the same competence and attacked with the same severity, a Linux system should be somewhat more secure.

Linux also has some advantages influencing the security competence of the operator. For any level of effort and knowledge, Linux makes it easier to understand security issues and more likely to make better security decisions. A Linux user with insignificant effort and knowledge regarding security might make horrible security errors. But a Windows user with that same level of effort and knowledge would make worse errors. A Windows guru paying a lot of attention to security might do a near perfect job, but a Linux guru paying the same level attention would hit nearer perfect.

But the big differences are the secondary differences. An un-inoculated child in a classroom of un-inoculated children is at serious risk of whatever disease we're talking about. An un-inoculated child in a classroom of inoculated children is pretty safe. That kind of effect is compounded to a much higher level in the Linux vs. Windows security issue. The following factors all multiply together and support each other:

People writing malware want to choose the biggest target.
The number of infected computers forwarding the malware.
The range of OS install/configure choices complicating the malware's ability to target specific flaws.
The relative fraction of other systems that are operated by careful intelligent people (forming that inoculated classroom) that won't forward any malware.

Each of those would make Linux effectively more secure even if it weren't inherently more secure. The inherently more secure is just one more item compounding all those moderate size factors into the overwhelmingly more secure that people actually experience.

That weakest link is sitting logged in on an admin account with rights over an entire network reading his personal email when a message causes malware to open in his default browser in a way that takes over control of the whole network. Why did this story happen in Windows, not in Linux?

1) Because fewer Linux people are foolish enough to use the same account to read their personal email that they use to administer a network?
2) Because Linux (at least KDE) makes it so easy to have sessions or parts of sessions open in different accounts (compared to Windows) that the effort level of being that careful is tiny?
3) Because the author of the malware targeted a specific flaw in IE and when the attack went to FireFox it missed its target.

1 and 2 are very nice. But 3 did the job.

When Linux becomes as popular (to users or to attackers) as Windows, item 1 will be a lot more important, and we'll also need to mention how many people looked at the FireFox source code to help make it more secure, and how many distributions recompiled the FireFox source code with a different compiler version accidentally moving some of the trickier malware targets to random other places in the binary, etc. But until then, item 3 actually did the job.

fbsduser 04-30-2010 04:50 PM

My top recommendation for secure OS is OpenBSD. It's quite difficult to install and maintain, but it's the most secure of them all (only two exploits found in the base package set since the first release of OpenBSD).

rweaver 04-30-2010 04:56 PM

To paraphrase a popular meme: unusable security is unusable. That being said, openbsd isn't that bad, just any bsd in general is a bit harder than linux in general and with the extra hoops for openbsd even more so.

choogendyk 04-30-2010 07:35 PM

Quote:

Originally Posted by rweaver (Post 3953400)
To paraphrase a popular meme: unusable security is unusable. That being said, openbsd isn't that bad, just any bsd in general is a bit harder than linux in general and with the extra hoops for openbsd even more so.

All our filtering bridges, NAT boxes, etc. are OpenBSD. My desktop machines are all based on OpenBSD ;) (Mac OS X, that is). That said, as we replace the network boxes, we are moving to Linux with IPTables, partly because of the broader familiarity among the sysadmins, and partly because Linux has made a lot of improvement in the last several years on the security front. We're using Ubuntu server edition LTS.

titosantana 05-03-2010 08:17 AM

Thanks to
rweaver
Hangdog42
johnsfine
fbsduser
choogendyk

I am going with opensuse and I will read all the security doc, which is almost 400 pages. Wow. But I guess it is going to be worth it as I will learn more about the OS.

Thanks again for sharing your knowledge.


All times are GMT -5.