- the level of security that is configured at installation by default
- the level of security you implement (this could also be described as how you harden the distribution)
- exactly what you wish to run on the host.
Much of your ability to do this is also enhanced or limited by the inherent security features offered by the distribution, either in the userspace or the kernel.
Personally, I like Red Hat Enterprise Linux (RHEL) since it comes with SELinux, is generally well-configured out of the box and provides most of the features I require. Bug fixes and updates are frequent and, by purchasing a license, you are able to access support services.
But RHEL does cost money. There are also distributions available for free ,of course, like Debian, Gentoo and Fedora (a Red Hat offshoot). Of the free distributions, I do have some concerns about Debian at the moment due to another compromise of one of their development servers. Most of them do tend to update fairly regularly.
Overall, when making the selection of a particular distribution you need to take into consideration cost, risk, management requirements, skills available to handle the host(s), security, ease of use, availability of required functionality and a number of other factors.
This was first published in August 2006