Paul D. Robertson wrote:
> On Tue, 19 Feb 2002, Martin Peikert wrote:
>> It's not the OS that will solve your problems. The security of an OS is
>> dependent on the ability and knowledge of its administrator. If you are
>
> It's also dependent on its codebase (size, complexity, design,
> implementation.)

Right, I forgot to mention that - but I thought it's obvious...

>> more familiar with Linux, stay with Linux. If you are interested in an OS
>> that is focussed on security, try OpenBSD.
>
> Familiarity is something that should be balanced against homogeneity of the
> environment. If your security infrastructure is the same as your server
> infrastructure, then there's the potential that a single problem will more
> likely affect both systems.

ACK - it would be better to run _two_ firewalls with _different_
operating systems.

> The OBSD work really has more relevance in servers than firewalls, as most

I cannot agree to that.

> of the exploited services shouldn't be running on a firewall in the first
> place. Other than the ICMP kernel bug recently, there's not much that
> should have affected a well-configured Linux firewall in the last couple
> years.

Oops - what about the ip_conntrack_ftp bug (see
http://www.securityfocus.com/archive/1/177070 for more information) or
the bug in Linux 2.4 / iptables MAC match module (see
http://www.securityfocus.com/archive/1/219180 for more information)?
None of them are related in any way to the configuration of the system.

Martin

P.S.: It would be sufficient to answer to the list.

--
dipl.math. martin peikert       Discon GmbH
IT-Security Engineer            Wrangelstrasse 100
http://www.discon.de/           10997 Berlin, Germany

_______________________________________________
Firewalls mailing list
http://lists.gnac.net/mailman/listinfo/firewalls
