OS Scan 2004
Overview
Once again, it’s that time. The time when ISW will take some of the more popular operating systems used today, and see how they compare out of the box and with their latest security patches. The purpose of this project is to see how Linux stacks up against Windows XP, or Solaris against Windows 2003.
Objective
The goal is to see if the security patches software vendors release really offer protection against scans performed by the tools and techniques today’s attackers use. We have all heard the age old argument that Windows is the least secure and UNIX is the most secure. Our goal is to see if that is really the case.
History
Our first year, we discovered that a Solaris 8 cluster patch actually added some vulnerabilities. The following year, Redhat Linux proved to be the champ as it installed a firewall with a default installation that did a nice job of protecting most of its services and applications. Will Windows XP service pack 2 do the plagued OS any justice? Will Redhat Fedora keep true with the previous version 9 in protecting itself? How will Solaris 9 compare this year?
Each Operating System tested is installed in default configurations. Then it is scanned with Nessus and NMAP. Additional scans by SATAN will also be performed. It is most important to remember that in the end, the Operating System is only as secure as the Administrator makes it.
Redhat was champion last year. This year it enters the challenge with Fedora. |
Redhat 9 |
NMAP.TCP NMAP.UDP |
NESSUS |
SAINT |
Redhat Fedora |
NMAP.TCP NMAP.UDP |
NESSUS |
SAINT |
Microsoft attempts to improve security with SP2. |
Windows XP |
NMAP.TCP NMAP.UDP |
NESSUS |
SAINT |
Windows XP SP1 |
NMAP.TCP NMAP.UDP |
NESSUS |
SAINT |
Is Windows 2000 a secure OS? |
Server 2000 |
NMAP.TCP NMAP.UDP |
NESSUS |
SAINT |
Server 2000 SP1 |
NMAP.TCP NMAP.UDP |
NESSUS |
SAINT |
Server 2000 SP2 |
NMAP.TCP NMAP.UDP |
NESSUS |
SAINT |
Server 2000 SP3 |
NMAP.TCP NMAP.UDP |
NESSUS |
SAINT |
Server 2000 SP4 |
NMAP.TCP NMAP.UDP |
NESSUS |
SAINT |
Server 2003 is supposed to be the most secure OS to date. |
Server 2003 |
NMAP.TCP NMAP.UDP |
NESSUS |
SAINT |
Server 2003 SP1 |
NMAP.TCP NMAP.UDP |
NESSUS |
SAINT |
Solaris 9 is an old favorite, although not a popular target. Should it be? |
Solaris 9 |
NMAP.TCP NMAP.UDP |
NESSUS |
SAINT |
Solaris 9 w/ cluster patch |
NMAP.TCP NMAP.UDP |
NESSUS |
SAINT |