Paranoid Penguin - Security Features in Debian 3.1
I'd be remiss if I didn't at least briefly discuss one of my favorite characteristics of Debian, and the main reason I'm running it on my new Web server—Debian's relatively glacial release schedule. On the one hand, the delay in releasing Debian 3.1 (three years, or 21 dog/computer years after 3.0) was a bit extreme, and the Debian team has pledged a more predictable release cycle, probably one year from now on. But it's also true that stability enhances security.
Put another way, if you use Debian to run the latest desktop applications, or other things that depend on the very latest hardware drivers, you may be happier with the Debian variant Ubuntu, which has a predictable and short (six-month) release cycle. If, however, you want to build an appliance system that chugs along in a corner, requiring little ongoing maintenance other than regular security patches, Debian's longer release cycle is positively luxurious. In many situations, it's preferable to run somewhat-outdated but fully security-patched applications than it is to have to upgrade the entire operating system every six months (or sooner). I admit, however, that I am among the world's laziest system administrators!
Like UNIX itself, Debian provides the security-minded user with maximal power, flexibility and variety of tools, at the cost of complexity. Debian GNU/Linux 3.1 is probably not for you if you have an aversion to man pages or Google. But it's very flexible indeed. This article scratches only the surface of Debian's potential as a platform for secure server operations or for security scanning and auditing.
Next month, I'll conclude my “Security Features” trilogy with Red Hat Enterprise Linux. Until then, take care!
Resources for this article: /article/8885.
Mick Bauer (firstname.lastname@example.org) is Network Security Architect for one of the US's largest banks. He is the author of the O'Reilly book Linux Server Security, 2nd edition (formerly called Building Secure Servers With Linux), an occasional presenter at information security conferences and composer of the “Network Engineering Polka”.
Webinar: 8 Signs You’re Beyond Cron
11am CDT, April 29th
Join Linux Journal and Pat Cameron, Director of Automation Technology at HelpSystems, as they discuss the eight primary advantages of moving beyond cron job scheduling. In this webinar, you’ll learn about integrating cron with an enterprise scheduler.Join us!
|Android Candy: Intercoms||Apr 23, 2015|
|"No Reboot" Kernel Patching - And Why You Should Care||Apr 22, 2015|
|Return of the Mac||Apr 20, 2015|
|DevOps: Better Than the Sum of Its Parts||Apr 20, 2015|
|Play for Me, Jarvis||Apr 16, 2015|
|Drupageddon: SQL Injection, Database Abstraction and Hundreds of Thousands of Web Sites||Apr 15, 2015|
- Tips for Optimizing Linux Memory Usage
- "No Reboot" Kernel Patching - And Why You Should Care
- DevOps: Better Than the Sum of Its Parts
- Return of the Mac
- Android Candy: Intercoms
- Drupageddon: SQL Injection, Database Abstraction and Hundreds of Thousands of Web Sites
- Non-Linux FOSS: .NET?
- Play for Me, Jarvis
- Designing Foils with XFLR5