Brian D. Boyle wrote:
>In a more reasonable moment of thought, perhaps you might want to switch around
>the platform and run your firewall on unix and your web server on NT. Suitable
>application of technology, you know.
>Why would you want to do this?
>1) NT has a really bloated code base in Micro$oft's attempt to be all things
>to all people. You really can't pare it down. Add to that the almost
>alpha-test quality of the protocol stack, and you end up with a system that is
>about just useful as a web server (assuming you use a decent web server...),
>but not as the drawbridge over the moat around your network.
NT is rather a memory hog, granted, but is it any more of a hog than Solaris or
other commercial Unix implementations?
Also, I've heard occasional charges (on this list and elsewhere) about the poor
quality of NT's protocol stacks, but I've never heard any explanation. As
someone who's installed NT at least a hundred times and has used NT heavily for
at least two years, I haven't had this bad experience. As a matter of fact,
I've felt quite strongly that NT's network protocol implementation is rather
elegant, especially compared to ugly hacks like Netware and OS/2.
>Do you want to trust
>the operation and security of your network to a closed, proprietary code base
>that is not subject to peer review, has not been in production for as long as
>Un*x or its variants, and whose operation can not fully be predicted with any
>certainty? Un*x is no magic solution, either, btw, but, for the application
>of protecting your network, it makes some sense to use the OS for which most of
>the applications (network) were developed, and around which operating
>philosophy these protocols were designed, eh?
Perhaps, but it's also possible to make quite different arguments. NT's
security model is, frankly, rather more sophisticated than that which comes
standard on most Unix systems. It is much easier to learn and administer than
most Unix systems, and as a result it is less easy to make a bad mistake on.
And there are significant advantages to a proprietary, closed code base. True,
you don't know all the holes -- but then neither do the hackers. Security
through obscurity is at least of *some* benefit.
>2) A protection mechanism or system like this is not meant to be constantly
>diddled with, except as changes in philosophy or threats are recognized. They
>are meant to monitor, filter, log, and control access in a network environment.
>NT is meant to serve files. Unix is built to handle the communications and
>other tasks the network imposes.
As a matter of fact, NT is *not* that great of a file server -- adequate, but
certainly not outstanding. Its strengths really *are* as an application
server. It is currently lacking some of the high-end scalability which Unix
possesses, but architecturally it has learned much from Unix, and has many of
the same strengths. And it has the advantage (as a desktop OS) of being able
to run 90% of the applications people actually use on a daily basis, while also
being able to function as a quite respectable server platform.
>3) The tools you need to operate the system are mature and available on Unix
>at this time, and have been subjected to massive review, discussion, debugging,
>production, and operation from mom-and-pop operations to multinational firms.
>NT-based tools are few and far between, and are plug, play, and pray. For a
>good list, check out.
This is, so far, very true. A number of Unix tools have been ported to NT, but
their implementations are so far still untested and have generally proven to be
a little less than stable. I still haven't seen an NT-based firewall. If
anybody's aware of anything out there, I'd love to hear about it. Still, given
NT's other strengths and Microsoft's mind-share, I doubt that this state of
affairs will last very long.
Ken Smith
MIS Operations Manager
Independent National Mortgage