[ale] [OT]FreeBSD Resources
bob at verysecurelinux.com
Tue Feb 24 21:17:54 EST 2004
On Tue, Feb 24, 2004 at 08:46:37PM -0500, John Wells wrote:
> On Tue, 24 Feb 2004 20:06:24 -0500
> Bob Toxen <bob at verysecurelinux.com> wrote:
> > Why?
> > For 99% of applications BSD has no advantages over Linux.
> So, out of curiosity and for the sake of discussion, what exactly
> comprises that 1%?
1. The boss says it's gotta be BSD.
2. Most/all of the other systems are BSD and so "that non-standard
Linux system" becomes a liability.
3. The person doing the firewall rules is more experienced with the
BSD firewall software than the Linux firewall software.
4. Extremely high performance is required. The last I checked
BSD has higher network performance. Unless one needs sustained
gigabit speeds this does not matter. This may not be true
as of the 2.6 Linux kernel. This assumes that the SysAdmin
understands performance so well that he won't introduce
I have tuned existing rule sets and obtained 10-30 fold
(3000%) improvement in performance. This rarely is needed.
5. Extremely high security is required. There's been some Linux kernel
security problems in the past few months. This assumes that the
person configuring the system is such an expert that the minor
security differences between Linux and Unix are more likely to be
a problem than a configuration error on the part of the SysAdmin.
I don't think that these reasons are valid for the other 99% of the time.
Computers are cheap. People's time is expensive.
Bob Toxen, CTO
Fly-By-Day Consulting, Inc.
"Your expert in Firewalls, Virus and Spam Filters, VPNs,
Network Monitoring, and Network Security consulting"
bob at verysecurelinux.com (e-mail)
+1 770-662-8321 (Office: 10am-6pm US Eastern Time)
+1 404-216-5100 (Cell away from office)
My recent talks on Linux security include:
at IBM's Linux Competency Center in New York City on Mar. 06 last year
at the Atlanta SecureWorld Expo in Atlanta on May 22 last year
at the Enterprise Linux Forum in Silicon Valley on June 04 last year
at Computer Associates' Atlanta Linux Security Summit on Sep. 16 last year
at Southeast Cybercrime Summit in Atlanta on Mar. 2-5 2004
at the FBI's Atlanta headquarters on Mar. 10 2004
"Real World Linux Security: Intrusion Detection, Prevention, and Recovery"
2nd Ed., Prentice Hall, (C) 2003, 848 pages, ISBN: 0130464562
Also available in Japanese, Chinese, and Czech.
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke
http://www.verysecurelinux.com [Network & Linux/Unix Security Consulting]
http://www.realworldlinuxsecurity.com [My 5* book: "Real World Linux Security"]
http://www.verysecurelinux.com/sunset.html [Sunset Computer]
Quality Linux, UNIX and network security and software consulting since 1990.
Public key available at http://www.verysecurelinux.com/pubkey.txt, keyservers,
and on the CD-ROM that comes sealed and attached to Real World Linux Security
pub 1024D/E3A1C540 2000-06-21 Bob Toxen <book at realworldlinuxsecurity.com>
Key fingerprint = 30BA AA0A 31DD B68B 47C9 601E 96D3 533D E3A1 C540
sub 2048g/03FFCCB9 2000-06-21
More information about the Ale