Security (Why FreeBSD?)
Line 1: | Line 1: | ||
FreeBSD has a significantly better security record, particularly as concerns out-of-the-box security, than most if not all Linux distributions. As an example, the default FreeBSD install includes OpenSSH set NOT to allow root logins - the hopeful remote user must log into SSH as a user in the wheel group, and must then [[su]] to root afterwards. Most if not all Linux distros instead default OpenSSH to allow root login, which is hideously insecure because it allows a cracker to use a program like John the Ripper to try dictionary or brute-force attacks against the root account directly. | FreeBSD has a significantly better security record, particularly as concerns out-of-the-box security, than most if not all Linux distributions. As an example, the default FreeBSD install includes OpenSSH set NOT to allow root logins - the hopeful remote user must log into SSH as a user in the wheel group, and must then [[su]] to root afterwards. Most if not all Linux distros instead default OpenSSH to allow root login, which is hideously insecure because it allows a cracker to use a program like John the Ripper to try dictionary or brute-force attacks against the root account directly. | ||
− | If you don't think there are toolkits "in the wild" right now to try dictionary / brute force attacks over the net against the root account over SSH, | + | If you don't think there are toolkits "in the wild" right now to try dictionary / brute force attacks over the net against the root account over SSH, [http://www.k-otik.com/exploits/08202004.brutessh2.c.php think again]. |
[[Category:Why FreeBSD?]] | [[Category:Why FreeBSD?]] |
Revision as of 00:46, 5 December 2004
FreeBSD has a significantly better security record, particularly as concerns out-of-the-box security, than most if not all Linux distributions. As an example, the default FreeBSD install includes OpenSSH set NOT to allow root logins - the hopeful remote user must log into SSH as a user in the wheel group, and must then su to root afterwards. Most if not all Linux distros instead default OpenSSH to allow root login, which is hideously insecure because it allows a cracker to use a program like John the Ripper to try dictionary or brute-force attacks against the root account directly.
If you don't think there are toolkits "in the wild" right now to try dictionary / brute force attacks over the net against the root account over SSH, think again.