No, not all distributions come with SELinux and IPsec. Some distributions come with SELinux and IPSec integrated into them and others have this functionality available as add-in packages. Probably the best example of an integrated SELinux distribution is Red Hat ES and Fedora. Red Hat has tightly integrated SELinux in these releases and designed a well-rounded series of policies. Red Hat also has built-in IPSec functionality. Examples of other distributions with SELinux available as a package include Debian, SuSE and Gentoo. Most of these distributions also have packages and add-ons to the kernel that allow IPSec functionality.
SELinux and IPSec provide very different functionality. SELinux is a security enhancement integrated with the kernel that enables mandatory access controls. This allows you to write policies that segregate information, processes, applications based on access controls and integrity requirements. This means the compromise of a particular application or process does not automatically mean that the whole host is compromised. IPSec is a series of protocols that allow the secure exchange of packets at the IP layer. This is principally designed to allow the implementation of VPNs (Virtual Private Networks) between hosts or networks. It is not an inherent host security feature as such. It simply allows secure communication between hosts or networks.
Do these things make Linux more secure than Windows? Well, IPSec is present on most modern Windows versions and provides the same functionality as it does under Linux hosts. However, SELinux is a powerful tool that provides significant host integrity to Linux hosts. By default this sort of security is not built into Windows hosts. You can add some of this sort of security or similar functionality by adding a Host Intrusion Detection System agent, such as those made by companies like ISS and McAfee. But most of these are not as powerful and sophisticated as SELinux. SELinux can be hard to implement and can cause problems with the functionality of your applications. I recommend doing some reading on SELinux and determining whether you require this sort of functionality for your purposes. The SELinux site at the NSA should provide a good starting point.
Related Q&A from James Turnbull
A user wants to implement OSSEC on a Windows server because he has no server side Linux operating system.continue reading
Solaris 10 Trusted Extensions and SELinux are best suited to different system requirements and administrator skill sets. Our security expert explains...continue reading
Configuring spam filters Spamassassin and dspam together in the email server Postfix is easy with the resources listed by our security expert.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.