>One point that has come up is along the lines of `most Internet >sites that have been hacked have been running Unix therefore Unix >is insecure'. Peter, If you have to try and defeat such a silly argument as this, then no figures are going to sway the argument. I'd suggest you simply make some up if you think it will help. One might try and argue that since most known exploits are designed to attack weaknesses/misconfigurations in widely deployed Unix environments using something "less known" is more secure. Obviously this is FUD also, since it relies on Security by Obscurity. The number of hacks should be far less important than the confidence level of your employees who are going to be handed the responsibility for ensuring the security of your environment. Your company has to make a long-term committed investment in their security policy, its implementation and enforcement. What OS is chosen might be affected by current skills, availability of skills in the future, and of course standard factors like suitability to task, etc... Try and point out the irrelevance of their arguments and get them to focus on pertinent issues that can be assessed in the context of your requirements. Cheers, Russ - NTBugtraq/NTSecurity moderator Check out the new moderated NTSecurityat_private mailing list, http://www.ntbugtraq.com/ntsecurity
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:58:31 PDT