Many system administrators, network architects and other such personnel have opted to take the road most traveled, choosing Microsoft as their platform. The reasoning behind this decision is actually quite obvious when you consider the level of automation, technical support and ease of installation that the Microsoft suite of products is famous for. But when analyzing the cost, security vulnerabilities and lack of control that Microsoft allows, system administrators must ask themselves whether the easier way is necessarily the right way. That's a big question, and it doesn't have a simple answer.
The Tiger Woods ParadoxWhen choosing the appropriate Linux distribution for a given network, system administrators often run into the same problem that ultimately led to the downfall of the Tiger Woods' marriage - an inability to settle on just one.
If you visit distrowatch.org, the variety of attractive options positively beckons even the least promiscuous within the world of system administration. The most popular among the major Linux distributions are Ubuntu, Mint, Fedora and openSUSE, all of which offer either the KDE desktop, or the more popular GNOME desktop. The latest Ubuntu distribution from Canonical has even developed a rather revolutionary, if not all that popular, desktop known as Unity. In their effort to enhance the aesthetically pleasing aspects of their product, each of these distros has produced a rather seductive GUI environment that would be unfamiliar to old-school Linux users.
So when choosing the appropriate distribution for a network, it may be best to sow one’s digital oats (... so to speak) before committing to a particular distribution. That said, in the interest of stability, it's important to ensure that ample amounts of thought and research are conducted prior to the grand selection so that the many nuances of a given Linux distribution fit an organization's needs. (Get some background on Linux distros in Linux: Bastion of Freedom.)
Linux as a Security BlanketAt the risk of sounding presumptuous, Linux is generally more secure than any of the current Microsoft distributions. Yes, I know; computer security is much more complicated than making sweeping generalizations. Things like end-user competence, network configuration, and OS configuration have to be taken into account as well. But when you take things like permissions, password encryption and the robustness of the source code into account within the more popular Linux distributions, I feel quite comfortable with the aforementioned sweeping generalization.
In an article at Network World, Ellen Messmer makes some valid arguments in favor of Windows that, quite honestly, I had not thought about. Basically, Windows provides a sort of one-stop shop for patches and technical support, whereas Linux, which is open source, is sort of all over the place in this respect. Furthermore, access to the Linux kernel is widely considered an advantage because it allows administrators to tweak their respective distribution in a manner more conducive to their environment. But Messmer actually argues the opposite perspective in that this access to the kernel requires more expertise on the part of the administrator, thereby limiting the pool of potential system administrators to which an organization may have access.
Keeping all of these arguments in mind, I'd still argue that, when properly implemented, Linux is by far the more secure environment. Take, for example, the authentication protocols offered by Microsoft. While the implementation of the Kerberos protocol has provided an outstanding upgrade from the NTLM protocol, Microsoft still supports the use of NTLM and LANMAN in order to better integrate with legacy systems. Furthermore, when a client inside a Kerberos-supported domain needs to authenticate itself with a server outside of the domain, the client is forced to revert back to one of the older authentication protocols.
Conversely, Linux uses a concept known as salted passwords to encrypt usernames and passwords. Put simply, each username is assigned a random string (the salt). This string is concatenated with the user’s password, and then hashed. Consequently, even if two users on a given network coincidentally choose the same password, the resulting hash stored in the password file will still be different from the other because they will almost certainly have different usernames incorporated into the hash. Like so many other features inherent to Linux, the concept of salting is an example of genius through simplicity, and it’s one of the many reasons Linux may have the upper hand in security when compared to a Windows environment.
When settling on a Linux distribution, administrators can rest assured that the above-mentioned security features are inherent to all of the more mainstream distros.