Paranoid Penguin - Security Features in Debian 3.1
I'd be remiss if I didn't at least briefly discuss one of my favorite characteristics of Debian, and the main reason I'm running it on my new Web server—Debian's relatively glacial release schedule. On the one hand, the delay in releasing Debian 3.1 (three years, or 21 dog/computer years after 3.0) was a bit extreme, and the Debian team has pledged a more predictable release cycle, probably one year from now on. But it's also true that stability enhances security.
Put another way, if you use Debian to run the latest desktop applications, or other things that depend on the very latest hardware drivers, you may be happier with the Debian variant Ubuntu, which has a predictable and short (six-month) release cycle. If, however, you want to build an appliance system that chugs along in a corner, requiring little ongoing maintenance other than regular security patches, Debian's longer release cycle is positively luxurious. In many situations, it's preferable to run somewhat-outdated but fully security-patched applications than it is to have to upgrade the entire operating system every six months (or sooner). I admit, however, that I am among the world's laziest system administrators!
Like UNIX itself, Debian provides the security-minded user with maximal power, flexibility and variety of tools, at the cost of complexity. Debian GNU/Linux 3.1 is probably not for you if you have an aversion to man pages or Google. But it's very flexible indeed. This article scratches only the surface of Debian's potential as a platform for secure server operations or for security scanning and auditing.
Next month, I'll conclude my “Security Features” trilogy with Red Hat Enterprise Linux. Until then, take care!
Resources for this article: /article/8885.
Mick Bauer (firstname.lastname@example.org) is Network Security Architect for one of the US's largest banks. He is the author of the O'Reilly book Linux Server Security, 2nd edition (formerly called Building Secure Servers With Linux), an occasional presenter at information security conferences and composer of the “Network Engineering Polka”.
Practical books for the most technical people on the planet. Newly available books include:
- Agile Product Development by Ted Schmidt
- Improve Business Processes with an Enterprise Job Scheduler by Mike Diehl
- Finding Your Way: Mapping Your Network to Improve Manageability by Bill Childers
- DIY Commerce Site by Reven Lerner
Plus many more.
- Non-Linux FOSS: Snk
- Building a Multisourced Infrastructure Using OpenVPN
- diff -u: What's New in Kernel Development
- Server Hardening
- 22 Years of Linux Journal on One DVD - Now Available
- Giving Silos Their Due
- Don't Burn Your Android Yet
- Controversy at the Linux Foundation
- What's New in 3D Printing, Part III: the Software