pavement

Security (Why FreeBSD?)

From FreeBSDwiki
(Difference between revisions)
Jump to: navigation, search
Line 1: Line 1:
 
:''[[Security]] redirects to this article about FreeBSD's security record. For information on securing FreeBSD, see [[:Category: Securing_FreeBSD |Securing FreeBSD]].''
 
:''[[Security]] redirects to this article about FreeBSD's security record. For information on securing FreeBSD, see [[:Category: Securing_FreeBSD |Securing FreeBSD]].''
  
FreeBSD has a significantly better security record—particularly out-of-the-box security—than most Linux distributions.  For example, a default FreeBSD installation includes OpenSSH configured to disallow root logins—a potential attacker must first know the account name of a user in the [[wheel]] group (because only users in group [[wheel]] can use [[su]]), log in as that user, and then [[su]] to root.  Most Linux distributions instead install OpenSSH configured to allow root logins, which is more insecure because it allows a cracker to use an [http://www.k-otik.com/exploits/08202004.brutessh2.c.php automated program] to attempt dictionary or brute-force attacks against the root account.
+
FreeBSD has a significantly better security record—particularly out-of-the-box security—than most Linux distributions.  For example, a default FreeBSD installation includes OpenSSH configured to disallow root logins—a potential attacker must first know the account name of a user in the [[wheel]] group (because only users in group [[wheel]] can use [[su]]), log in as that user, and then [[su]] to root.  Most Linux distributions instead install OpenSSH configured to allow root logins, which is more secure because it allows a cracker to use an [http://www.k-otik.com/exploits/08202004.brutessh2.c.php automated program] to attempt dictionary or brute-force attacks against the root account.
  
 
Furthermore, because only users in group [[wheel]] can [[su]] to root, even if a remote attacker knows root's password, the attacker is powerless if he cannot access the account of a user in group [[wheel]].
 
Furthermore, because only users in group [[wheel]] can [[su]] to root, even if a remote attacker knows root's password, the attacker is powerless if he cannot access the account of a user in group [[wheel]].
 
[[Category:Why FreeBSD?]]
 
[[Category:Why FreeBSD?]]

Revision as of 16:50, 29 November 2007

Security redirects to this article about FreeBSD's security record. For information on securing FreeBSD, see Securing FreeBSD.

FreeBSD has a significantly better security record—particularly out-of-the-box security—than most Linux distributions. For example, a default FreeBSD installation includes OpenSSH configured to disallow root logins—a potential attacker must first know the account name of a user in the wheel group (because only users in group wheel can use su), log in as that user, and then su to root. Most Linux distributions instead install OpenSSH configured to allow root logins, which is more secure because it allows a cracker to use an automated program to attempt dictionary or brute-force attacks against the root account.

Furthermore, because only users in group wheel can su to root, even if a remote attacker knows root's password, the attacker is powerless if he cannot access the account of a user in group wheel.

Personal tools