Windowsvs.

Linux:AComparativeStudy
OneofthemanyrowsofLinuxserversatGooglesserverfarm Presentedby: JoeCabrera TechnicalWritingN4 Spring2009

Linuxvs.Windows:Acomparativestudy For: Dr.JackieDomingue TechnicalWritingInstructor BlinnCollege Bryan,TX Presentedby: JoeCabrera TechnicalWritingN4 14April2009

27April2009 4302CollegeMainApt.377 Bryan,TX77801 Dr.JackieDomingue TechnicalWritingInstructor BlinnCollege 1234VillaMaria Bryan,TX77840 DearDr.Domingue: ThisismycomparativeofstudyofLinuxandWindowsonserver.Thegoalofthisproposalistopersuade thereadertouseLinuxonserversthattheyareadministrating.Itiswritteninsomewhattechnical languageyet,itismydesiretogreatlysimplifyandexplainthelanguagetonontechnicalreaders.This comparativeguidestrivestoexplainthedifferencestoanontechnicaluser.Inadditiontoprovidingan indepthoverviewofthemajorsystemdifference,thisguidealsodiscussesspecificinstanceswhenone operatingsystemwouldbemoreappropriateforcertaintasks. Thisguideisdirectedtoanysystemorwebsiteadministratorthatneedsastableandreliableoperating systemtorunontheirserver.IrecommendLinuxforanybusiness,governmental,oreducational institutionthatneedsaqualityserver.Itisimportanttohavesecureoperatingsystemforyourserver, sinceyourserverwillonlybeassecureastheoperatingsystemitisrunningon.AfterusingLinuxonmy homecomputerandworkserverIhavecometotheconclusionthatLinuxisthebestoperatingsystem tobeusedonserverplatformandevenonthedesktopcomputerofaverycomputersavvyenthusiast.I usedtheworkserverformanytasksincludingrunningaWebserverandMailserver.Ihavealsobeen highlyinvolvedintheTexasA&MLinuxandUnixGroup(TAMULUG).Alloftheseapplicationsstemfrom myinterestincomputersandelectronicsthatIhavehadfromanearlyage.WiththissaidIhaveuse haveusedWindowsandMACOSandcanevenvaguelyrememberusingDOSintheyearsbefore Windowsbecamequitepopular. Ihavecompletedthiscomparisonwiththeaidofseveralprintandelectronicresources.Ihavealso drawnonmypersonalexperienceandknowledgetofurtheradvocatemyposition.WhileIrealizeImay bespeakingtoanaudiencethatislargelycomfortablewithWindows,mygoalistohelpadministrators everywhereembracetheneedfortheLinuxoperatingsystem. Sincerely, JoeCabrera

InformationalAbstract Linuxvs.Windows:Acomparativestudy Thisproposalisdirectlytowardsbusiness,governmental,oreducationalinstitutionthatneeds toimplementaqualityserver.Whilethistopicincludeshighlytechnicallanguage,itisthegoalofthis reporttoconveythenecessarymaterialinaformthatiseasytounderstandforthemorenontechnical readers.Thereportcontainsaglossaryoftermsthatisdesignedtoexplainsometermsthattheaverage computeruserwouldmostlylikelynotbefamiliarwith.Severalgraphicsareincludedthroughoutthe studytoprovideinformationandaidthereaderinunderstandingsomeoftheharderconcepts. ThisreportexaminesWindowsandLinuxsidebysideonthefollowingcriteria:Cost,Security, Configurability,andUserfriendliness.Thisreportwillalsoexaminespecificinstanceswheneach operatingsystemmightbethemoresuitablechoiceforthetaskathand.Afterreadingthisproposal,I hopethatthereaderswillhavegainedamoreinformedknowledgeofthedifferencesbetweenboth operatingsystemsastheyrelatetoaserverplatform.

iii

TableofContents Page

TITLEPAGE.....i LETTEROFTRANSMITTAL..ii ABSTRACT..iii TABLEOFCONTENTS..iv LISTOFILLISTRATIONS...v GLOSSARY.1 INTRODUCTION.2 COST..3 SECURITY.4 CONFIGURABILITY.9 USERFRIENDLINESS11 CASESTUDIES.....12 CONCLUSION.13 BIBLOGRAPHY..14 APPENDIXA:ORGINALPROPOSAL18

iv

Figures
Figure1 Figure2 Figure3 Figure4 ServerMarketShare3 RemoteProcedureCall..8 Iptablesexampleforbasicfirewall.10 WindowsServer2008andLinuxServersidebyside.13

 Glossary UNIXfirsttrulyportablecomputeroperatingsystemdesignedatAT&TBellLabsbyDennisRitcheand KenThompsonin1969.LinuxsharesmanysimilarcharacteristicswithUNIXandbotharenixsystems Serverinthestrictestsenseisacomputerthatacceptsrequestsfromclients.Inthecontextofthis documentaWebserveracceptsHTTPrequestsfromclients. Clanguagelowlevelmultipurposecomputerprogramminglanguagedevelopedin1972byDennis RitchewhilehewasworkingatAT&TBellLabs.ItwasoriginallyusedtodeveloptheUNIXoperating system. DoSDenialofServiceattack.Attackthatattemptstomakeacomputerresourceunavailabletousers withlegitimateaccess. GUIGraphicalUserInterface.Usedtodescribethegraphicalinterfacetheuserusestointeractwiththe computer.Itusuallyoffersiconsandvisualitemsareopposedtoatextbasedinterfacewhichusually onlyhandlesandreturnstextinput. RPCRemoteProcedureCall.Thiscallallowsacomputerprogramtoruninanotheraddressspace, commonlyanothercomputeronthesamenetwork.Thisallowsprogramstoberemotelyexecuted withouttheprogrammerspecificallystatingwhowillcallit. SQLStructuredQueryLanguage.Itisadatabasecomputerlanguagethataidsintherevivaland managementofdatastoredinlargedatabases.Itwasfirstdevelopedinthe1970sbyAndrew RichardsonofIBM. MySQLAnopensourceDatabaseManagementSystemthatiswritteninCandiscrossplatform.Itis usedbymanyasafreeandopensourcealternativetoSQL IPaddressInternetProtocoladdress.Logicaladdressusedbycomputerandothersimilardevicesfor identificationonacomputernetwork.ThecurrentandmostwidelyusedInternetProtocolVersion4 (IPv4)uses32bitnumbers. PortInthecaseofcomputernetwork,aportisprogramspecificsoftwaredevicethatallowsthe programtoreceiveandsendnetworkcommunicationsatonecentralpoint.Mostapplicationsor serviceshaveaspecificportthattheywilllistenandtransmiton. Protocolastandardsetofrulesusedfordatatransmission,errordetecting,andsignalingonaspecific communicationchannel. ActiveDirectorydatabasesystemcreatedforWindowstoprovideseveralnetworkservicesincluding LDAPservices,Kerberosbasedauthentication,andtheDNSnamingsystem DomainControllerOnaWindowsbasedserversystem,itisaserverthatrespondstosecurity authenticationrequestincludingthoseusedbytheLDAPdatabase.

Introduction
LinuxandWindowsaretwooperatingsystemsthatareconstantlycompetingfromcontrolof thecomputermarket.Bothoperatingsystemshaveshownconsiderablegrowthintheserverworld. MicrosoftreleaseditsfirstserverOSin1993underthenameWindowsNT,justaboutthetimethatthe LinuxOSbegansurfacingontheinternet.SincethenWindowsserversandLinuxserversbegangrowing byleapsandbounds.ManyserversthatwererunbyUNIXbeganconvertingtoLinux,atrendthatwould continueintotheearlytwentyfirstcentury.WindowsNTusebegangrowinglargelyduetothefactthat NTintroducedthefirst32bitimplementationoftheWindowsAPI.AnAPIincludestheprotocol, routines,andlibrariesneededforapplicationbuilding.By2000,WindowsandLinuxeachcontrolled roughlyhalfoftheoverallservermarket.TheLinuxsidecontainedsuchasNetWare,BSD,andDebian basedLinux.Howeverby2008,Windowscontrolled38.8percentoftheoverallservermarketshare comparedtoLinuxs12.7percent.Howeverthisdataisbasedontotalrevenueofbothserversandmost Linuxserversoftwaredistributionsarefreeandsalesarerarelydocumented.Asof2009,fiveofthetop tenmostreliableserversranLinux,threeranFreeBSD,andonlytworanWindows.Someexamples includeGoogle,Yahoo,YouTube,andFacebookandkeygovernmentalagenciessuchastheUSArmy. Linuxisbyfarthechoiceofoperatingsystemformanymajorwebsites.OneofthefewmajorwebsiteI couldfindthatranWindowswasbynosurprisewindows.com.InmanypeoplesmindsLinuxistheonly opinionforqualitywebservers,butforothersnothingiseasierthanthepointandclickallureof Windows.Eversince1993,LinuxandWindowshavebothattemptedtogaincontroloftheserver market.Therearemanyadvantagesanddisadvantagestobothoperatingsystemsintheserverworld.

ServerMarketShare
Other 17% Linux 13% UNIX 33% Windows 37%

Figure.1PieChart

ThepurposeofmyreportistoexaminethekeydifferencesbetweenLinuxandWindowsand howthesedifferencescanaffectthepotentialuseofeachserver.ThereareseveralkeyareasinwhichI wouldliketocompareLinuxandWindows.Theseareasarecost,security,configurability,anduser friendliness.Inwillalsoexamineparticularinstancewereeachoperatingsystemwouldbemoresuited forspecifictasks.Myaudienceisanycomputeradministratorthatneedstoimplementaqualityand reliableserver.

Cost
ThenewestversionofWindowsserversoftware,WindowsServer2008Standard,retailsinthe

UnitedStatesat$999andincludesfiveClientAccessLicenses(CALs).AClientAccessLicenseisatypeof softwarelicensethatallowsclientcomputerstoconnecttoMicrosoftserversoftware.WindowsServer 2008and2003requireoneCALformeachconcurrentconnection.Toillustratethis,takeforexample thatabusinessnetworkhascomputersthatareusedby10people.Howeverofthiscomputernetwork therearenevermorethanfivepeopleusingtheserversoftwareatonetime.Thenthebusinesswould onlyneedfiveCALs.CALscanbeusebyeitherusersordevices;devicescouldincludekiosksorshared computersystems.Whilethisoptionmaybeaffordableforsmallbusinesseswithlimitedtechnical 3

 support,butitwouldbecomequiteexpensiveformanylargebusinessesandcorporations.Windows alsomarketstheirmoreextensiveWindowsServer2008Enterpriseeditiontolargerbusinessesinneed ofserversoftwarewithlargerscalability.TheEnterpriseeditionalsoincludes25CALsandispricedat $3,999,butalsocanhandlemoreapplicationdemandsthantheStandardeditioncan. Linuxontheotherhandiscompletelyfree.ItislicensedundertheGNUGeneralPublicLicense

whichallowsforthefreedistributionoftheLinuxsourcecode.Anyonecanmodifythecodetosuittheir specificneedsaslongasthecodeisneversoldforaprice.Howeveritisalsoimportanttonotethat manycompaniesprovidesubscriptionbasedsupportforLinuxatanominalfee.RedHat,ofthemany companiesthatprovideLinuxsupport,offersRedHatEnterpriseLinuxwithabasicsupportsubscription for$349whichincludesWebsupport,2businessdayresponse,andunlimitedincidents.Thehiddencost inLinuxliesinitssupportandmaintenance.InanAnalystreportbyHewittConsulting,itisstatedthat Overtime,itisgenerallyagreedthatLinuxtalentsupplywillincreaseandduetothisnotonlywill Linuxtalenthiringbechallenging,butLinuxcostswillrise.Itisnosurprisetonotethatthisreportwas commissionedbyWindowsandisprominentlydisplayedontheirsitecomparingLinuxserversto Windowsservers.WindowsalsoemphasizesthatWindowsServerreducestheTotalCostofOwnership (TOC).HoweveronceaLinuxserverisproperlyinstalledandtailoredtoyourneeds,itissignificantly morecostefficienttomaintaininthelongrun.ThechieftechnologyarchitectatMerrillLynch&Co.is quotedinComputerWorldforstatingthatthecostofrunningLinuxistypicallyatenthofthecostof UnixandMicrosoftalternatives(Greene).TheheadtechnicianatoilcompanyAmeradaHessmanages 400Linuxserversbyhimself.

Security
WindowsserversarebasedofftheWindowskernelandarethussusceptibletomanyofthe

samesecuritythreatsasanynormalWindowsoperatingsystem.Tounderstandthisitisimportantto

 userstandsomeofthehistoryofWindows.Windowswasoriginallydesignedtobeasingleuser operatingsystemandwhenitwasfirstreleasedhadnonetworkingcapabilities.Priortothereleaseof WindowsNT,Windowsonlyofferedonecategoryofusersthatcoulddoanything.PriortoWindows Vista,thefirstuseraccountcreatedduringtheWindowssetupprocessisautomaticallyamemberofthe administratorgroup.Mostusersneverchangedtoanaccountwithfewerrights,thusgivingmalicious programsfullaccesstothesystem.ItwasnotuntilWindowsVistathatMicrosoftfinallyaddressesthis issueandcreatedUserAccessControl(UAC).InVistaallloggedinsessionsincludingadministratorusers runwithstandarduserprivilegesandactionsthatrequireadministratorstatustooperatemustuseUAC. UACpickedupontheprincipleofleastuseraccessthatUNIXhasusedsinceitwasfirstcreated.The principleofleastuseraccessallowseverymodule(user,process,orprogram)toonlyaccessresources thatarenecessaryforitslegitimatepurposes.UACassignstokenstoeachuserthatlogson,butonly assignsadministratorstokenstomembersoftheAdministratorgroup.Inthesecondhalfof2005alone therewere11,000malwareprogramsdiscoveredforWindows.Windowshasalsobecomesusceptible tobotnets.Botnetsareanetworkofinfectedcomputersthatarecontrolledbymaliciouspersonsand havecommonlybeenusedtostagemassiveDoSattacks.MicrosoftclaimsthatitsWindowsServer2008, justlikedidwithWindowsServer2003,issecurebydesign.WindowsServer2008includedmany featuresforhardeningallofitsservicesincludingtheuseofActiveDirectorytoauthenticateusers. WindowssclosedsourceapproachonlyallowsMicrosoftemployedprogrammerstofixbugs.Microsoft continuestoclaimthatclosedsourceoffersafasterandmoreeffectiveresponsetosecurityissuesor bugs.Howevermajorfixesandpatchesareonlyreleasedonceamonthafterextensiveprogramming andtesting.Itiscommonforspecificbugsandsecurityissuestogounpatchedforseveralmonths. TherearemanyflawsintheMicrosoftdesignthatmakeitmorevulnerabletosecurityattacks. ManypeoplefalselybelievethatWindowsistheprimarytargetofsecurityproblemsandvirusessimply becauseithasthelargestmarketshare.HoweverthisreasoningisstronglydefeatedwhenAccordingto

 theSeptember2004Netcraftwebsitesurveys,68%ofallwebsitesruntheApachewebserver.Only 21%ofwebsitesrunMicrosoftIIS. UsingthislogiconewouldconcludedthatApachewebserveris moresusceptibletoattack,howeverthisisnotthecase.ThemassiveCodeRedWormthatwasreleased in2001targetedMicrosoftsIISwebserveranddefacedmanyserversworldwide.WhilebothIISand Apacheareequallyvulnerabletoattack,itisimportanttounderstandthatyourwebserverisonlyas secureastheplatformthatisrunning.IfanattackercangainadministrativeprivilegesonanOS,itis relativityeasytotakecontrolofthewebserveritisrunning.WithWindowssmanyunderlyingsecurity flawsitisthusplaintoseewhyIISwebserversareusuallycompromisedwithgreatersuccess. TheLinuxmodelforsecuritytracesitsrootsbackdirectlytoUNIX,whichwasthefirstmulti taskingandplatformportablecomputeroperatingsystem.Hereitisimportanttounderstandthe historyoftheUNIXoperatingsystemtofullyseethereasonwhyUNIXandthereforeLinuxarevery secure.WhenUNIXwascreatedcomputerswereonlyavailableinlargeinstitutionssuchasuniversities andkeygovernmentresearchfacilities.Itwastooexpensivetomaintainapersonalcomputerandmany oftheearlycomputerstookupentireroomsandcontainedasmuchprocessingpowerasourmodern daycalculators.Mostcomputersduringthisagecontainedvacuumtubesanddatawasstoredonpunch cards.ThusKenThompsonandDennisRitch,creatorsofUNIXandtheClanguage,developedtheideaof timesharinganduseditfortheirfirstoperatingsystem,UNIX.UNIXwascreatedtoharnessthenew foundcomputationalpowersoftheworldfirstcomputersanddivideitsprocessingpowerequally betweenusers.Withthedevelopmentofthemodemitalsoalloweduserstoforthefirsttimeinhistory toremoteconnecttocomputersandaccesstheseresourcesfromahometerminal.UNIXfromthe beginningseparatedadministratorprivilegesfromthoseofthenormaluser,somethingthatWindows didnotimplementuntiltheyrealizedthatpeoplewouldactuallybeusingtheiroperatingsystemfor morethanoneuser.TheUNIXoperatingsystemalsoutilizedthefirstencryptionmethodstobeusedon computersanddevelopedasystemthatallowedcomputerstosecurecommunicatewitheach.Sincethe

 firstcomputersnetworkslinkedtheselargecomputerstogether,itwasnecessarytoensuresecurity acrossthenetworkandensurethatdatapacketsgottotheirintendeddestinations.TheLinuxoperating systemhasinheritedallofitssecuritymeasuresanddesignfromUNIXandhaseveninmanycases addedtoit. TheUNIXoperatingsystemdividescontrolbetweennormalusersandaonesuperuser,known asroot.Allusersbydefaultwhentheyloginontothesystembeginasnormalusersandthencan becomethesuperuseriftheyknowthecorrectpassword.Thispreventsanoviceuserfromaccidently makingasystemwidechangethatcouldbringthesystemtoagrindinghalt.Italsoprotectsanormal userfrommakinganydestructivechangestothesystemthatcouldjeopardizetheusebyotheruserson thesystem.IntheUNIXsystem,everyfileandprocessbelongstoaspecificuserandaspecificgroup. Everyfilehasspecificpermissionsfortheowner,group,andothersthatincluderead,write,andexecute access.Therootusercanexecuteanyfilewithexecutepermissionandread,write,andmodifyanyfile onthefilesystem.Thismodelensuresthatonlythecorrectpeoplehaveaccesstofilesandcommands. Sincemajorsystemchangescanonlybeaccomplishedassuperuser,itmakesitveryhardforanyoneto causedestructiontoasystemwithoutsufficientprivileges.Whileitisstillpossibleforanattackerto exploitakernelsecurityhole,withthousandsofpeopleworldwidecontributingtothecodeitispossible tofixasecurityholeinamatterofusuallyhours.Ontheotherhand,itmighttakeseveralmonthstofix asecurityholeinWindows.WiththecaseoftheCodeRedwormthatattackedIIS,Microsoftreleaseda fixtopatchthehole,butmanyserveroperatorswereslowtopatchthesystemandthusthenextwave, CodeRedIIwasalsoverysuccessfully.Microsoftsownserverswerenotimmediatelyupdatedandthus Microsoftonceagainfelltothenextroundoftheattack.Thusrepresentsacasewerethesystem administratorsdidnotactquicklytopatchthesystemwhenholeswereknowntoexistandfixeven existed.

 ThemodulardesignoftheUNIXoperatingsystemmakesitgreatlymorestablethanWindows. UNIXisatextbasedsystemthatdoesnotrequireanadditionalGUItofunctionandthuswillnotfailif yourcomputerhasabadgraphicsdriver.EventhoughmanyLinuxdistributionsincludedaGUI,Linux canalwaysdropdownatextbasedsystemiftheGUIfailsforsomereason.WhileWindowsrequires rebootsaftersystem,driver,andsometimesoccasionalprogramupdates,Linuxonlyneedstobe restartedforkernelupdates.Usingaspecialsystemutilityitisevenpossibletoloadanewkerneland executeitwithoutahardwarereset.Linuxreliesonnospecificwebbrowseroremailprogramandthus aflawinaparticularwebbrowserwillnotcausedamagetotheentiresystem.Whilethekernelsupports manymodulardrivers,thekernelforthemostpartismonolithicwhereservicesaretiedcloselytogether (Petreley).However,LinuxrunsundertheviewthatWheneverataskcanbedoneoutsidethekernel,it mustbedoneoutsidethekernel(Petreley).ThisisinstronglycontrasttoWindowsthatforcesgraphic driverstoruninthekernelandthusonebadgraphicdrivercanbringWindowstoascreechinghalt. LinuxalsodoesnotrelyontheRPCmodel,whichcommandsanotherprogramtodosomething thatcanberunfromaremotemachine(Petreley).OnaLinuxsystemitispossibletodisableallRPC relatedservicesandstillmaintainsystemfunctionality.MySQLforexampleisbydefaultsetuptonot listentothenetwork,whereasSQLalwayslisten.MostLinuxapplicationsskirtaroundthisneedforRPCs byrespondingtoLinuxsbuiltinloopbackmethodthatallowsapplicationstoonlyrespondtothelocal machine.

Client Process
Client Subroutine

apparent flow

Server Process
Server Subroutine

Figure.2 RPCRuntime Library

Network messages

RCPRuntime Library

 Linuxserversaredesignedbeaheadlesssystemthatcanbecontrolledremotely.MostLinux serversconsistofjustthecomputertowerthathaspowerandaninternetconnection.Thisgreatlycuts downthenumberofproblemsandsusceptibilitiesofalocallyadministeredserversuchasWindows Server.Securityholesontheremotesystemwillnotaffecttheserveryouareadministering.

Configurability
Windowssystemsarelimitedbytheneedtohaveagraphicfacetoproperlymaintainand

configuretheserver.Insteadofbeingabletoeasilyaddnewsecurityfeaturesandelements,Windows monolithicdesignmakesitdifficulttosuccessfullyaddanewsecuritymoduletotheexistingsystem withouthavingtodoamajorsystemoverhaul.Allthesecurityfeaturesthatcomewiththereleaseofa particularWindowsServersoftwarereleasearetheonlyfeaturesthatwillbeavailabletothesystem administrator.Ittermsofuserauthentication,WindowshasActivedirectoryanditisusedtoforceusers andclienttoprovetheiridentitytotheserver.WhileLinuxbasedauthenticationallowsfor authenticationfromWindowsbasedclients,ActiveDirectoryontheotherhandwillonlyauthenticate Windowsbasedclients.CustompacketfilteringisnotsomethingthatisnativetoWindowsandthusa WindowsserverthatwantstoimplementcustompacketfilteringmayneedtoturntoanIPSec implementationtoservetheirneeds.WindowsServer2003featuredaverybasicpacketfilterthat wouldonlyblockspecificincomingpacketsbasedonsourceIPaddressanddestinationport.Windows Server2008expandedthistofilterbothincomingandoutboundpacketsbasedonprotocol,sourceIP address,destinationIPaddress,sourceport,anddestinationport.HoweverwhileWindowsServer2008 didfinallyintroducethisfeature,itisimportantthatpacketfilteringnotsomethingthatisnativeoreven consistentinWindows. Linuxisdesignedtobetailoredtothespecificneedsoftheuser.SinceLinuxisopensource

softwareanyonecandownloadit,customizeitandthenrecompileittofittheirspecificneeds.Also sinceLinuxisnotlimitedbytherelianceonagraphicalinterface,theuserscanusuallyhighlycustomize 9

 programstodoexactlywhattheyneedthemtodoandiftheywantmorecontrol,theycanevendelve intoshellscriptingtoautomateandfurthercustomizespecifictasks.DuetoLinuxsmodulardesignit doesnotalwayshavetorelyonspecificproprietarysoftwaretoaccomplishtasks.TheSambaproject hasintroducedawayforLinuxserverstoauthenticatewindowsmachinesandhasevendevelopeda waytoemulateActiveDirectoryonaLinuxmachine.ThismakesitpossibleforaLinuxservertobe deployedonanetworkthatservesbothLinuxandWindowsmachines.Ratherthanuseafirewall program,theNetfilterprogramdevelopedforLinuxallowsyoutosetupindividualsrulechainsthatcan controlthefilteringofincoming,outbound,andforwardingpackets.Thesechainrulescanfilterpackets basedonprotocol,sourceaddress,sourceport,destinationport,interface,state,typeofservice(TOS), andevenuseronoutboundpackets(Hunt,264).SincemanyLinuxmachinesserveascommon gateways,firewalls,andaccesspointsinisimperativethatNetfilterallowuserstoconfigurerulesfor forwardingpackets. ChainINPUT(policyACCEPT) Packets Bytes Target 0 0 0 0 0 0 0 0 0 0 Protocol Opt In lo Out Source any Destination State Established,Related TCPdport:ssh TCPdport:www

Accept All Accept All Accept TCP Accept TCP Drop All

anywhere anywhere anywhere anywhere anywhere anywhere anywhere anywhere anywhere anywhere

any any any any any any any any

ChainOUTPUT(policyACCEPT) 0 Figure.3 0 Accept All any any anywhere anywhere

10

 Linuxmachinescanbetweakedtomeetthespecificneedsofeachandeveryuser.Whileitmighttake moretimetoconfigureandcustomizeLinuxtoyourneedsthealmostendlessnumbersofwaysyoucan tailorLinuxgreatlyoutnumbertheamountoftimetaken.

Userfriendliness
WhenitcomestouserfriendlinessnootheroperatingsystemcomescloserthanWindows.With

itseasypointandclickatmosphereandbeautifulGUIwhatmorecouldyouaskfor.WhileWindows ServerisnotassecureasLinuxrightoutofthebox,itisdefinitelyeasiertosetupandinstalloutofthe box.Itispossibletosetup,install,andconfigureWindowsServer2008withinafewhours.Mostofthe functionalityofWindowsServercanbediscoveredbysimplepointandclicktrialanderrorandthe WindowshelpincludedinWindowsServerdoesagoodjobofansweringmosttrivialquestionsthatthe newserveradministratorwouldhave.EveryavailablecustomizableoptioninWindowsServerisrightat yourfingertips.WhileWindowsserverisveryuserfriendlyitalsomeansthatpracticallyandpersonwith averagecomputerscouldsetupaWindowsserverandthustheytendtobelesssecure,lessmaintained, andofferfewerservicesincomparisontoLinuxservers.Ontheotherifyouwantaserverthatyouwill nothavetohireacomputerprofessionaltomanageorbuyamanualtolearnLinuxthanWindows Servermightbeyourbestbet. Linuxontheotherhandmightseemabitmoredauntingtoaveragecomputeruserand

sometimesevencomputeradministrators.WhilemanyLinuxdistributionsthesedayscomewithaGUI eitherGnomeorKDE,aneffectiveLinuxserverisbestrunusingnoGUIatallandsimplyrelyingontext basedcommands.Thisplacestheuserinapositionthatrequireshimtolearnhowtonavigateand configureaLinuxmachineentirelyusingtextbasedcommands.Linuxincludesabuiltinmanual commonlyknownasthemanpagestoaidauserinunderstandallofthedifferentopinioneachprogram orcommandoffers.Thismanualisquiteextensiveinprovidednotonlyshellcommandsbuteven commandsforinstalledsoftwareandprogramminglanguagessuchasC.Itcanbeexpectedthatmost 11

 LinuxnoviceswillrequiresignificantdocumentationandpracticetosuccessfullynavigateonaLinux machine.ThisknowledgecanbegainedfromonlinecommunitiesofLinuxusers,website,andbooks. LinuxinmanysensescanbeconsideredveryuserfriendlytosomeonewhoiswellexperiencedinLinux. IthasalsobeenthatnotedthatusuallyLinuxserversaremoresecure,bettermaintained,andoffer moreservicethanserversrunningWindows,simplybecauseittakesapersonthathasaboveaverage computerskillstounderstandtheLinuxoperatingsysteminthefirstplace.

CaseStudies
InadditiontounderstandingthebasicdifferencesbetweenLinuxandWindows,itisalso

importanttounderstandwhenitmightbemoreappropriatetouseLinuxorWindowsonaserver.One ofthegreatprojectsdevelopedforLinuxistheSambaprojectwhichmakesitpossibleforLinuxservers totalktowindowscomputers.ItisevenpossibletouseaLinuxservertomanagetheWindows machinesonyournetwork,asadomaincontroller.Oneoftheproblemsatmostpeoplerunintowhen usingLinuxtocontrolaWindowsiswhenitcomestousingActiveDirectory.Whileitispossibletoskirt aroundsomeoftheservicesthatActiveDirectoryprovides,whenyouneedtoauthenticateoneway trustswithclientsonthenetwork,WindowsServeristhemostappropriatechoice.However,currently thebetaversionofSamba4includesanActiveDirectorycompatibleserver.Anyproprietarysoftware thatexclusivelyusesWindowsServerwouldalsobeasituationwhenWindowsServerneedstobeused. Linuxserversareusefullyforprettymuchanyotherserverapplicationthatyoucanthinkof.

WhiletheApacheWebServerisavailableforWindows,itrunsinmoresecureenvironmentwhenitruns inLinux.LinuxcanalsobeusedfornetworkauthenticationsuchasKerberosandLDAPdirectory services.ALinuxservercanalsobeconfiguredtosecurelyruntheDNSserviceandaDHCPserverto allocateIPaddressdynamically.SincetheLinuxoperatingsystemoffersgreatersecuritythanWindows, itwouldbebettertouseLinuxthanWindowstomanageafirewallseparatingyourorganizations

12

 privatenetworkfromthepublicInternet.Ifyouneedtomanagealargedatabase,MySQListheperfect choiceforthisoperation.ThesearejustasamplingofthemanyusesforLinuxintheserverrealm.

Conclusion
LinuxandWindowswillbothcontinuetocompletefromcontroloftheservermarket.After

comparingthekeyareasofbothoperatingsystemthataremostimportanttotheoperationofagood server,Linuxisthechoiceifyouarelookingforaserverthatwillbesecure,costefficient,stableandwill allowformaximumconfigurability.Windowsleadsthewayintherealmofuserfriendlessandwouldbe mostappropriateforaserverthatiseasytomanageandwillnotperformcriticalfunctions.Overall Linuxoffersmorefeaturesandamoresecureenvironmentthatareessentialforasuccessfullyserver.

Figure.4

13

Bibliography
Arora,Pooja."MSWindowsTalentEdge."WindowsServerCompare.Apr2008.HewittAssociates.11 Mar2009<http://download.microsoft.com/download/e/d/d/edd40b8478894b7f9eee d9d690751db2/MS%20Windows%20Talent%20Edge.pdf>. Greene,Jay."PeckedbyPenguins."BusinessWeek3Mar2003:12.11Mar2009 <http://www.businessweek.com/magazine/content/03_09/b3822610_tc102.htm>. Hunt,Craig.LinuxNetworkServers.Alameda,CA:Sybex,1999. Hunt,Craig.LinuxSecurity.Alameda,CA:Sybex,2001. Mearian,Lucas."WallSt.LeansTowardLinux."ComputerWorld21Oct2002:12.11Mar2009 <http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,75271,00.html>. Petreley,Nicholas."SecurityReport:WindowsvsLinux."TheRegister22Oct2004:124.11Mar2009 <http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/>.

14