
| Subject: | Selecting OS for High-availability/mission-critical web portal |
|---|---|
| Date: | Wed, 29 Nov 2006 16:13:42 +0200 |

Dear all,

I am a new system administrator for a company planning to create a web portal which provides email, IM, e-business, and search engine. Liferay is our portal management tool. I am searching for the best OS to be our platform. The required features are:

* Attack resistance (I expect a lot of attacks, especially DoS).
* Stability.
* Performance.

Linux and OpenBSD are the main candidates for this mission. Here I am listing my findings.

OpenBSD:

Pros:

* Security oriented on its base level (compilers, syscalls).
* System overall stability.

Cons:

* Performance is not the first priority. Benchmarks show clear performance degradation when compared to Linux 2.6.x.
* Package management is not as easy to handle as (e.g.) apt-get and yum.
* User community/developers are quite small.
* By using third-party packages (e.g. liferay, apache), system security falls back to those applications' security level. (The system is as secure as the weakest link in the chain.)
* The project has financial problems (e.g. http://www.linuxsecurity.com/content/view/122166/169/), which means that it might not survive.

Linux Debian with SELinux:

Pros:

* Apply mandatory access control (SELinux).
* SELinux improves access control as a whole, and immunity towards malware (proactive approach).
* Larger community, more howtos.
* Stability.
* Tons of ready-made packages.
* Very easy security patching system, supported by a good security team.
* Our main services (Apache, MySQL, Tomcat, and Liferay) were tested mostly for Linux boxes.

Cons:

* Performance degradation of 7% (SELinux) (http://www.crypt.gen.nz/selinux/faq.html#WWW.14).

My thoughts are that:

* OpenBSD will become as vulnerable as the running service on top of it. Hence I will lose the legendary security it has.
* When I look at the top 51 (http://uptime.netcraft.com/perf/reports/Hosters), Linux had a 45% share, which means that it is highly secure.
* With OpenBSD I am not going to spend time hardening it but rather trying to get the services (MySQL, Apache, ...) running on top of it. While in Linux installing the services is easy, but I need to spend good time hardening the OS itself.

Any hint/comment is welcome.

Best regards,
Mohammad