In any organization, deciding on the proper platform usually involves a great deal of planning, foresight and practical experience. System administrators must take into account their organization’s available resources – regarding funding, existing hardware and the number of end users. They must also account for any potential growth that is likely to occur in the same organization.
Many system administrators, network architects and other such personnel have opted to take the road most traveled, choosing Microsoft as their platform. The reasoning behind this decision is actually quite obvious when you consider the level of automation, technical support and ease of installation that the Microsoft suite of products is famous for. But when analyzing the cost, security vulnerabilities and lack of control that come with Microsoft, system administrators must ask themselves whether the easier way is necessarily the right way. That’s a big question, and it doesn’t have a simple answer.
The Tiger Woods Paradox
When choosing the appropriate Linux distribution for a given network, system administrators often run into the same problem that ultimately led to the downfall of Tiger Woods’ marriage – an inability to settle on just one.
If you visit distrowatch.org, the variety of attractive options positively beckons even the least promiscuous within the world of system administration. The most popular among the major Linux distributions are Ubuntu, Mint, Fedora and openSUSE, all of which offer either the KDE desktop, or the more popular GNOME desktop. The latest Ubuntu distribution from Canonical has even developed a rather revolutionary, if not all that popular, desktop known as Unity. In their effort to enhance the aesthetically pleasing aspects of their product, each of these distros has produced a rather seductive GUI environment that would be unfamiliar to old-school Linux users.
So when choosing the appropriate distribution for a network, it may be best to sow one’s digital oats (… so to speak) before committing to a particular distribution. That said, in the interest of stability, it’s important to ensure that ample amounts of thought and research are conducted prior to the grand selection so that the many nuances of a given Linux distribution fit an organization’s needs.
Linux as a Security Blanket
At the risk of sounding presumptuous, Linux is generally more secure than any of the current Microsoft distributions. Yes, I know; computer security is much more complicated than making sweeping generalizations. Things like end-user competence, network configuration, and OS configuration have to be taken into account as well. But when you take things like permissions, password encryption and the robustness of the source code into account within the more popular Linux distributions, I feel quite comfortable with the aforementioned sweeping generalization.
In an article at Network World, Ellen Messmer makes some valid arguments in favor of Windows that, quite honestly, I had not thought about. Basically, Windows provides a sort of one-stop shop for patches and technical support, whereas Linux, which is open source, is sort of all over the place in this respect. Furthermore, access to the Linux kernel is widely considered an advantage because it allows administrators to tweak their respective distribution in a manner more conducive to their environment. But Messmer actually argues the opposite perspective in that this access to the kernel requires more expertise on the part of the administrator, thereby limiting the pool of potential system administrators to which an organization may have access.
Keeping all of these arguments in mind, I’d still argue that, when properly implemented, Linux is by far the more secure environment. Take, for example, the authentication protocols offered by Microsoft. While the implementation of the Kerberos protocol has provided an outstanding upgrade from the NTLM protocol, Microsoft still supports the use of NTLM and LANMAN in order to better integrate with legacy systems. Furthermore, when a client inside a Kerberos-supported domain needs to authenticate itself with a server outside of the domain, the client is forced to revert back to one of the older authentication protocols.
Conversely, Linux uses a concept known as salted passwords to encrypt usernames and passwords. Put simply, each username is assigned a random string (the salt). This string is concatenated with the user’s password, and then hashed. Consequently, even if two users on a given network coincidentally choose the same password, the resulting hashes stored in the password file will still differ from each other because they will almost certainly have different salts incorporated into the hash. Like so many other features inherent to Linux, the concept of salting is an example of genius through simplicity, and it’s one of the many reasons Linux may have the upper hand in security when compared to a Windows environment.
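The effect of salting described above can be seen in a short added example (not part of the original article). It assumes PBKDF2-HMAC-SHA512 from Python's standard library as a stand-in for the crypt(3) schemes a real /etc/shadow uses; the field layout, account names and passwords are constructed for illustration.

```python
import hashlib
import hmac
import secrets

ROUNDS = 100_000  # assumed work factor for this illustration


def hash_password(password, salt=None):
    """Return a shadow-style field: $scheme$rounds$salt$hexdigest."""
    if salt is None:
        salt = secrets.token_hex(8)  # fresh random salt for each stored password
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt.encode(), ROUNDS)
    return f"$pbkdf2-sha512${ROUNDS}${salt}${digest.hex()}"


def verify_password(password, stored):
    """Re-derive the hash with the stored salt and compare in constant time."""
    try:
        _, scheme, rounds, salt, expected = stored.split("$")
    except ValueError:
        return False  # malformed field
    if scheme != "pbkdf2-sha512" or not rounds.isdigit():
        return False
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt.encode(), int(rounds))
    return hmac.compare_digest(digest.hex(), expected)


def users_sharing_hash(table):
    """Pairs of accounts whose stored fields are identical, which reveals
    to anyone reading the file that they chose the same password."""
    names = sorted(table)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if table[a] == table[b]]


# Constructed sample accounts: alice and bob coincidentally pick the same password.
PASSWORDS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}

# Per-account random salts: identical passwords produce different stored fields.
salted = {user: hash_password(pw) for user, pw in PASSWORDS.items()}

# One salt shared by every account (equivalent to no salting): duplicates show.
shared_salt = {user: hash_password(pw, salt="00") for user, pw in PASSWORDS.items()}

if __name__ == "__main__":
    print("shared salt:", users_sharing_hash(shared_salt))
    print("random salt:", users_sharing_hash(salted))
```

The salt is stored in the clear next to the hash; its job is to make each stored value unique so one precomputed table cannot be reused across accounts, not to act as a secret.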
When settling on a Linux distribution, administrators can rest assured that the above-mentioned security features are inherent to all of the more mainstream distros.
Does It Have to Be Either/Or?
In the interest of further developing my marriage metaphor, please consider a system administrator with a taste for polygamy, who therefore uses more than one distribution. Well, far be it from me to be the expositor of harsh judgments or preconceived notions. In fact, many of the Debian-based distributions have made significant advancements in areas that allow for greater integration between the two environments. For example, Ubuntu and Mint (among others) provide some rather robust support for the Server Message Block (SMB) protocol, the primary protocol involved when creating a Windows share. In the past, creating a share between a Linux and Windows environment was infuriatingly time consuming, but now the process has become ridiculously GUI-fied, making it easier for these two different environments to work together.
A system administrator may be of the so-many-distros-so-little-time persuasion, or he may be more of a digital purist. But whatever the case may be, eventually settling on one Linux distribution is key when it comes to overall network stability and convergence. This isn’t the easy way to do things, but in the long term, it isn’t the hard way either.