no 'commodity' OS is 'secure' Re: [Beowulf] Which distro for
steve_heaton at iinet.net.au
Wed Jan 10 22:16:42 PST 2007
I agree with Andrew et al.
Having spent a short sentence inside a major financial institution's
security section I just thought I'd add a bit more.
They don't run Linux for *anything* related to security (although it's
starting to do well elsewhere). Everything is from 'major software
vendors'. The big boys in *NIX OS and apps.
In their opinion there is no Linux vendor (or associated financial
support) that could cover the risk. This place has bigger financial
teeth than most countries.
Nothing from M$, Apple or anyone else is allowed anywhere near the live
perimeter. No exceptions. Ever. They regularly get approached directly
and indirectly on the Evil Empire's behalf, as I'm sure you can imagine.
They also find this a regular source of mirth.
While I agree they're conservative they also run "relatively" recent aka
'stable' releases. Their test suite is awesome... and they have two
mirrors of the live environment: development and testing. 'Dev' is the
same platforms but typically less storage. The 'test' is an *exact* copy
of what is a huge environment. (Completely separate DR/BC as well).
They don't do squat without it having run through the test process.
This really blew me away... an >exact< copy of the whole live
environment. Platforms, versions, BIOS the whole shabang. (Rumour has it
even patch lead lengths). It was then pointed out that they're a bank.
Money is what they do. Money is what they have. Yours! :)
More information about the Beowulf