[ale] [OT]FreeBSD Resources

Bob Toxen bob at verysecurelinux.com
Tue Feb 24 21:17:54 EST 2004 

On Tue, Feb 24, 2004 at 08:46:37PM -0500, John Wells wrote:
> On Tue, 24 Feb 2004 20:06:24 -0500
> Bob Toxen <bob at verysecurelinux.com> wrote:
> > Why?

> > For 99% of applications BSD has no advantages over Linux.

> So, out of curiosity and for the sake of discussion, what exactly
> comprises that 1%?

  1. The boss says it's gotta be BSD.

  2. Most/all of the other systems are BSD and so "that non-standard
     Linux system" becomes a liability.

  3. The person doing the firewall rules is more experienced with the
     BSD firewall software than the Linux firewall software.

  4. Extremely high performance is required.  The last I checked
     BSD has higher network performance.  Unless one needs sustained
     gigabit speeds this does not matter.  This may not be true
     as of the 2.6 Linux kernel.  This assumes that the SysAdmin
     understands performance so well that he won't introduce
     inefficiencies.

     I have tuned existing rule sets and obtained 10-30 fold
     (3000%) improvement in performance.  This rarely is needed.

  5. Extremely high security is required.  There's been some Linux kernel
     security problems in the past few months.  This assumes that the
     person configuring the system is such an expert that the minor
     security differences between Linux and Unix are more likely to be
     a problem than a configuration error on the part of the SysAdmin.

I don't think that these reasons are valid for the other 99% of the time.
Computers are cheap.  People's time is expensive.

> Thanks,
> John

You're welcome.

Best regards,

Bob Toxen, CTO
Fly-By-Day Consulting, Inc.
"Your expert in Firewalls, Virus and Spam Filters, VPNs,
Network Monitoring, and Network Security consulting"
bob at verysecurelinux.com (e-mail)
+1 770-662-8321  (Office: 10am-6pm US Eastern Time)
+1 404-216-5100  (Cell away from office)

My recent talks on Linux security include:
  at IBM's Linux Competency Center in New York City     on Mar.  06 last year
  at the Atlanta SecureWorld Expo in Atlanta            on May   22 last year
  at the Enterprise Linux Forum in Silicon Valley       on June  04 last year
  at Computer Associates' Atlanta Linux Security Summit on Sep.  16 last year
  at Southeast Cybercrime Summit in Atlanta             on Mar. 2-5 2004
  at the FBI's Atlanta headquarters                     on Mar.  10 2004

Author,
"Real World Linux Security: Intrusion Detection, Prevention, and Recovery"
2nd Ed., Prentice Hall, (C) 2003, 848 pages, ISBN: 0130464562
Also available in Japanese, Chinese, and Czech.

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

http://www.verysecurelinux.com       [Network & Linux/Unix Security Consulting]
http://www.realworldlinuxsecurity.com [My 5* book: "Real World Linux Security"]
http://www.verysecurelinux.com/sunset.html                    [Sunset Computer]
Quality Linux, UNIX and network security and software consulting since 1990.

Public key available at http://www.verysecurelinux.com/pubkey.txt, keyservers,
  and on the CD-ROM that comes sealed and attached to Real World Linux Security
pub  1024D/E3A1C540 2000-06-21 Bob Toxen <book at realworldlinuxsecurity.com>
     Key fingerprint = 30BA AA0A 31DD B68B 47C9  601E 96D3 533D E3A1 C540
sub  2048g/03FFCCB9 2000-06-21

More information about the Ale mailing list