Linux vs. Windows security question
I've been asked by a client for an opinion on a broad security question (not my area of expertise). The situation is that the company will be merging a remote office with the main office (both offices are about the same size). Each office has one full-time IT person and, as an outside consultant, I handle some specific tasks in both offices.
The two networks are going to be merged, but also upgraded. One office uses Linux servers, one uses Windows servers. Thus, there is a debate as to how the integrated network will be set up. Much of the debate revolves around security with the Linux side stating that the conventional wisdom holds true that Linux is inherently more secure that Windows. The Windows side insists that a properly-configured Windows 2003 Server network (with proper firewall, anti-virus, intrusion protection, etc.) is as secure as a Linux network.
In spite of my stated preference to stay out of the debate (largely due to the fact that either of the IT people on staff is more qualified to comment than I am), the client insists that I make some comment by Monday (June 21st). So, what I am asking for are specific comments as to why Linux is or is not more secure than Windows. Presumably, most people here will think that it is, so I will be posting an equivalent question in the Windows security section.
Points will be shared among the most constructive answers, those that present some reasoning and justification.
Thanks in advance for your thoughts.
The two networks are going to be merged, but also upgraded. One office uses Linux servers, one uses Windows servers. Thus, there is a debate as to how the integrated network will be set up. Much of the debate revolves around security with the Linux side stating that the conventional wisdom holds true that Linux is inherently more secure that Windows. The Windows side insists that a properly-configured Windows 2003 Server network (with proper firewall, anti-virus, intrusion protection, etc.) is as secure as a Linux network.
In spite of my stated preference to stay out of the debate (largely due to the fact that either of the IT people on staff is more qualified to comment than I am), the client insists that I make some comment by Monday (June 21st). So, what I am asking for are specific comments as to why Linux is or is not more secure than Windows. Presumably, most people here will think that it is, so I will be posting an equivalent question in the Windows security section.
Points will be shared among the most constructive answers, those that present some reasoning and justification.
Thanks in advance for your thoughts.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks to all for your thoughtful comments. The information provided has already been very useful. For anyone who is interested, I will post an update when final decisions are made.
Where I currently work they had old windows domain controlers linked to Linux file servers. It is only a small site so the restricted access permissions are not a major problem. Instead of having one share and setting permissions within it as you would do normally in Windows I have multiple shares with effectivly share level permissions to control access. This is not a problem in a small company but for larger companies with more complicated permissions this can become a problem.
I had a choice to either recomend Exchange or an alternative for a new email system. I went with Suse Openexchange because although it is an integrated system is uses standard software (postfix, ldap, cyrusIMAP) with a central web interface. This means I can addon additional spam filtering, antivirus etc... very easily.
What I really like about Linux is that if you want to use a piece of software then just install it and it wont interfere with anything. Update the configuration to activate the software and it starts working but if anything goes wrong you just need to unconfigure it. If you install a 3rd party addon for Exchange and it stops working correctly you can have a big problem getting it working again.
In the end the network servers are my responsibility and I am accountable if anything goes wrong. Therefore I want to be able to go in and fix it and how have to wipe and reinstall everything.