Ubuntu Server and Windows question. SOLVED

RickSMO

Hey everyone, I have a question. I am currently a college student and Microsoft IT guy. I had a question regarding Ubuntu server security vs windows. I recently added a gui to my ubuntu server because I don't know what I am doing otherwise, lol.

But while I was searching for information on ubuntu server I saw a lot of people saying how guis are normally considered a security risk, and that a lot of people use something like webmin or whatever else to remotely log in with a gui.

So my question is this, how does a gui as a security risk compare to using a windows server which is all gui based ? Is it the same? Is there something with linux guis that makes them less safe then windows? Or is it safer then windows but still a risk?

Please help with my confusion, lol.

mfillpot

The reason that most Linux and unix server admins do not use GUIs on their servers is because all running software add potential faults, vulnerabilities and crashes. By reducing the quantity of applications that are being run you reduce the potential exploitable vulnerabilties and reduce the system resources in use.

A simple example would be to consider the following:

Webserver1 has the following installed:
*Linux Kernel
*bash
*networking drivers
*apache webserver
*php

Webserver2:
*Linux kernel
*bash
*networking drivers
*apache webserver
*php
*gdm
*x11
*x11 libraries
*xml parsers
*gnome libraries
*ubuntu update manager
*gnome window manager
*libcairo
*gnome aplpications
*firefox
*etc...

Just a quick look at the list shows a great difference in the quantity of running application, which all can be searched on the web for security vulnerabilities, all of which can potentially cause a denial of service on the application layer or cause the cpu or memory to reach full load if exploited.

In contrast to until windows server 2008 you were forced to keep a gui running at all times, this mean that all gui applications, libraries and processes are always available to be exploited and reducing the quantity of resources that are available to the service you wish to give. Depending on what gui application and software is running the potential of vulnerability varies, but on a platform like windows that offers no option to turn of unnecessary apps you always have a high potential for failure.

RickSMO

So all of that makes sense, but since linux with a gui still would have to be directly hacked most likely instead of a virus effecting it like windows, that a linux with a gui server is better then a windows server still. Correct?

mfillpot

A Linux gui is more secure because it is not prone to the normal windows frustrations, but also because in a Linux Environment the applications are detached from the kernel which means that if they are compromised they cannot cause a kernel panic, in contrast with windows systems the gui is tied directly to the kernel, so if an app or the gui app fails it can result in a blue screen of death and a complete system freeze.

The best thing to take away from this is the fact that on a production machine you want to limit your running apps to the bare minimum to restrict resource usage and potential faults. If you start playing with CLI apps and basic configuration files you will quickly learn to love them and have no problem severing your attachment to guis.

ben

UNIX in general follows an acient golden rule: "if you don't have it, you cannot break it"
You tend to have a machine with just minimal services and nothing more, with just the utility you need, only minimal packages and so on.

RickSMO

you all were extremely helpful, Thank you I appreciate it. It all makes a lot of sense and I am really looking forward to learning linux and using it in the future.

Giving you all a thumbs up on karma, thanks again. Questions were very well answered.

RickSMO

didn't realize there was a 6 hour window on increasing karma, i'll make sure to get all of three of you tho.

5slight

When i first started using Linux as a server i started with fedora and use to spend hours looking for a gui tool to do everything but eventually i found that it was just not working.

In the long run you will properly find yourself using the command line more and more till eventually you wont need the gui!