lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.58.0406220240500.15343@suse.bluegenesis.com>
From: full-d at parsec.net (Todd Burroughs)
Subject: M$ Getting Better?

> I for one, DO have experience in both Windows and Unix system administration, and everyone of our internet facing machines is running Linux.  Why?  Because for me they are easier to secure.  I can turn off any services that I don't need, I have a fully-functional firewall on every box, and I don't have to reboot once a month to stay secure(all updates are currently automated, only kernel vulns need a reboot).

>From my experiance, we reboot our Windows servers daily or more often
just to keep them running.  (They are very busy) It's a given that we
have to reboot when doing updates.  We don't usually have to reboot to
do updates with Linux or *BSD, unless we replace the kernel or libc,
which is much more rare.  (ok, Linux kernel has been bad lately ;-)

Basically, we run a bunch of load balanced Linux boxes and they don't
get rebooted much, except that we've designed and implemented a system to
install them automatically, so we reboot them for security updates because
it's easier (re-installs everything that is different), but then they
basically reinstall themselves.  It's simple, we don't have the unique
binary registry to deal with, just the config files that are common to
all similar servers.  This is not possible with Windows as far as I know.
(I know there's some third party stuff that might make it work, but it's
$$$ and probably second rate software)

On our Windows side, we have two servers to handle each group of users
(websites).  Our load balancers failover to one or the other.  Each of
these handles a max of 1000 domains.  The Linux servers have over 100,000
domains each and balance among a lot of servers.  This is not possible
with Windows (maybe by paying a *lot* of money it is, I don't know)

We have not figured out how to make a Windows box install and come up
serving web/mail with no human intervention, but we do that with all of
our Linux boxes.  When we lose a hard drive on a blade server, we replace
it and turn it on, it installs and comes up doing mail/web or whatever.

We also do not have any Windows boxes directly facing the Internet,
it's too dangerous.  They're all hidden behind firewalls, etc.   We have
hundreds of Linux and FreeBSD boxes directly on the 'net though.  It's a
pain to keep them safe, but it's not hard compared to Windows.

Sorry, but the MS system is not secure and not easy to secure or
administer on a large scale.  I prefer Linux and don't particularly like
MS, but I use whatever makes sense.  I'm not a "fanboy" for anything.

Todd


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ