On Tue, 2002-02-26 at 22:30, [EMAIL PROTECTED] wrote: > > Currently we use RH 7.2 for some tasks within our network, but those > within the company with decision making ability are investigating the > possibility of replacing it with Solaris 8. The general consensus is that > with Open Source everybody has access to the source, so no guarantee can > be made for the security of the software, and back doors into the system > may be possible. I'm under the understanding that the kernel is basically > secure, and it is the software packages that are installed that can > introduce security concerns on a machine.
For a security overview read the wheeler site. http://www.dwheeler.com/oss_fs_why.html Red Hat 348 31 11.23 Microsoft 982 61 16.10 Sun 716 8 89.50 Uuughhh the paste did not work, read the page. It took on average 11.23 days to correct a security bug for redhat, 89 days for solaris. Read the point about interbase from borland. A backdoor was in a proprietry product until it was open sourced. Back doors are very very unlikely in source because they can be picked by any number of programmers around the world. You are talking ISP, you are going against the stream. Most ISPs use opensource linux / BSD including Microsoft. Read the page, it is balanced, well argued and very convincing. ANY MACHINE CONNECTED TO THE INTERNET IS INSECURE! The only way to lock down a box is not to install any software, it is not very useful. There is inherently insecure software on every box. Do you have FTP installed on any machine? Get rid of it. This is a major security risk open source or not. Do you use telnet as a standard business practice? Don't! KenF -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
