Re:Jay Beale's comments
Posted by: Anonymous Coward on January 28, 2003 11:20 AM
Actually what he said is 100% true.
Any Unix can be locked down and monitored with much greater accuracy and precision than any Windows box.
Using BSM and process accounting I can keep track of each and every command one of my users or processes runs.
Using chrooted environments I can jail my processes so that even if someone was to find a "root exploitable hole" only that one process would be compromised.
Using PAM I have complete control over my users' password and login policies.
Using fake or restricted shells I can give users access to certain services without giving them full access to the machine.
Using TCP wrappers I can prevent users from obtaining remote access to my box, period.
Using SSH I can encrypt all of my traffic so no one can snoop my passwords and set up VPNs.
Using crypt on Solaris or MD5/SHA1 I have much greater password security than the cheesy hash that NT uses. Ever wonder why you need such long passwords on Windows?
Windows is so painfully open and such an easy target because it was never designed with the network or multiple users in mind, that was an afterthought. Unix was designed from the beginning with multiple users in mind so just from a structural point of view Unix is already more secure. Then throw on top of that the many free utilities/software available to me to secure my box as well as a simple yet powerful environment that doesn't force me to use a mouse and fight with a GUI that someone else designed such that I have to trust that the checkbox they put in this hidden window actually does something, you don't have a prayer in making your Windows box as secure as an open Unix box. Unless maybe you turn it off, disconnect the network cable and put it back in its box.
Just my .02