Schneier on Security: Linux Security
http://www.schneier.com/blog/archives/2005/01/linux_security.html
***********************************************************
Quote
***********************************************************
I'm a big fan of the Honeynet Project (and a member of their board of
directors). They don't have a security product; they do security
research. Basically, they wire computers up with sensors, put them on
the Internet, and watch hackers attack them.
They just released a report about the security of Linux:
===========================================================
Recent data from our honeynet sensor grid reveals that the average
life expectancy to compromise for an unpatched Linux system has
increased from 72 hours to 3 months. This means that a unpatched
Linux system with commonly used configurations (such as server builds
of RedHat 9.0 or Suse 6.2 ) have an online mean life expectancy of 3
months before being successfully compromised.
===========================================================
This is much greater than that of Windows systems, which have average
life expectancies on the order of a few minutes.
It's also important to remember that this paper focuses on vulnerable
systems. The Honeynet researchers deployed almost 20 vulnerable
systems to monitor hacker tactics, and found that no one was hacking
the systems. That's the real story: the hackers aren't bothering with
Linux. Two years ago, a vulnerable Linux system would be hacked in
less than three days; now it takes three months.
Why? My guess is a combination of two reasons. One, Linux is that
much more secure than Windows. Two, the bad guys are focusing on
Windows - more bang for the buck.
***********************************************************
Unquote
***********************************************************
--
Kayode Okeyode
http://del.icio.us/kayodeok
http://www.kayodeok.co.uk/weblog/