[Glastonbury] Robustness of different servers - report

Andrew M.A. Cater amacater at galactic.demon.co.uk
Tue Jan 4 07:22:41 GMT 2005


On Tue, Jan 04, 2005 at 12:48:40AM +0000, Ian Dickinson wrote:
> Interesting summary of a report from mi2g (a banking IT consultancy)
> on comparative security of different server platforms. BSD is reckoned
> to be best. The data aren't normalised, so the high number of
> successful attacks on Linux systems could just be the result of the
> large installed base.
> 
> http://www.mi2g.com/cgi/mi2g/press/170903.php
> 
> Anyone used or played with BSD? Maybe that's another subject for a
> monthly meeting.
> 
Installed a few times for other people. Not played with extensively.

Quick run down. There are four "free" BSDs and one commercial BSD -
though that appears to have effectively died a death after Windriver
bought in (BSDi).

<Tongue in cheek mode>

NetBSD - the original, derived from 386BSD which was the first port
to Intel. Will run on any architecture, potentially from Sinclair
digital watch upwards. That may be all it will do - it reached version
2.0 about a month ago after many years. Comments were that some of the
original brokennesses had never been fixed. May not support SMP/large
filesystems.

FreeBSD - aggressively developed. Now running in two streams - FreeBSD
4.x and 5.0. 5.0 is the later. Widely used. Has Linux kernel personality and
compatibility "stuff". Different: the differences from Linux may be
subtle or profound - in the same way that you feel confused moving from
a French car to a Japanese car or from a modern Ford to a Morris Minor :)
Has only just added SMP support IIRC.

Dragonfly BSD - a recent fork after one developer disagreed with the whole of
FreeBSD AFAICS. Very highly spoken of - not yet widely used.

OpenBSD - a fork from FreeBSD and NetBSD. Developed primarily by one man
as a secure BSD variant. Intentionally limited in scope and intended for
servers. Do not cross Theo de Raadt under any circumstances: his
irascibility is legendary across the Internet :)  To OBSD we owe OpenSSH
and a recent fork of inetd. Hell to install IMHO, intentionally minimalist
but widely regarded. Not necessarily easy to upgrade between versions
which come out every six months on the dot. 
Will run on a wide range of architectures including Alpha/Sparc/MIPS.

</tongue in cheek mode>

BSD licensed code is not (necessarily) compatible with the GPL,
particularly older code with the infamous advertising clause (which 
requires you to credit the Regents of University of California, IIRC). 
CHECK THE LICENCE TERMS. It is also potentially easier to take BSD
licensed code and incorporate it into a commercial product without
giving anything back to the wider community. 

In all seriousness, it is probably worth installing FreeBSD once in a
while to see how the other half lives. FreeBSD documentation is also
extremely high quality. Be prepared for an "everything you know is
wrong" experience as you start out. If you can't take a complete change,
there is a Debian kNetBSD port - running Debian on top of the NetBSD
kernel - in its early stages :)

OpenBSD is heavy Unix bondage and discipline - but produces a superb
server OS. You may or may not want to take on the additional hurdles -
in much the same way as you may not wish to run full NSA Security
Enhanced Linux - the constraints are/may be severe.

HTH,

Andy [assuredly NOT a BSD expert by any stretch of the imagination :) ]
