Firewalls: Re: Cracking NT via RAS

Firewalls
(April 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Cracking NT via RAS
From:	Michael Dillon <michael @ memra . com>
Organization:	Memra Software Inc. - Internet consulting
Date:	Sun, 14 Apr 1996 17:40:43 -0700 (PDT)
To:	Firewalls-post <firewalls @ GreatCircle . COM>
In-reply-to:	<199604111905 . AA13124 @ nacg . trane . com>

On Thu, 11 Apr 1996, Norton, Dave wrote:

> Second, without being too explicit, can someone out there tell
> me of their real tried and tested assessment as to the "swiss
> cheese" factor concerning security of the NT OS. 

One thing you must remember is that NT is very new (deployed for only a 
couple of years) and that it's code base has been heavily modified during 
that time period. IMHO, it is too young to be considered "tried and tested".

> Some of our
> "NT rocket scientists" around here persist in claiming that UNIX is
> not a secure environment, whereas NT is. I have to continually
> tell them that UNIX is much more secure(able) because we know
> where the holes in the cheese are... 

And those holes have been plugged. This type of pissing match will never 
come to a resolution because it is mostly about personal opinions. Where 
UNIX wins hands down is that you can show in the firewalls literature 
that experts have studied the security profile of UNIX and given 
detailled recipes for securing UNIX system and for using UNIX systems 
as secure network gateways. NT doesn't have this.

> Any comments, feedback from outside my organization will be greatly
> appreciated, 

The other important factor is the attitude of the people charged with 
maintaining these systems. Any O/S can be installed and configured in an 
unsecure manner. Security starts with people who have the right attitude 
and who will make sure that systems are properly configured. In some 
cases this means you need to tell your bosses, "my way or the highway".
It's like being a private in the army assigned to guard the gate of a 
compound. A 4-star general drives up and asks to be let in. If the 
general doesn't have the password, would the private let him in? 
What woul the general do? What would the different possible scenarios tell 
you about the quality of the army?

If you are responsible for maintaining security and don't feel that you 
can do so with the tools at hand, you need to either get the tools 
changed or go someplace else where you can do your job properly.

Michael Dillon                                    Voice: +1-604-546-8022
Memra Software Inc.                                 Fax: +1-604-546-3049
http://www.memra.com                             E-mail: michael @
 memra .
 com

References:

Cracking NT via RAS
From: "Norton, Dave" <dnorton @ trane . com>

Indexed By Date	Previous:	Re: more on mail addresses From: Dave Crocker <dcrocker @ brandenburg . com>
Indexed By Date	Next:	*Re: Solaris2.5 and BSD - Facts** From: Michael Dillon <michael @ memra . com>
Indexed By Thread	Previous:	Re: Cracking NT via RAS From: Stefan Gal <sgaul @ prolog . net>
Indexed By Thread	Next:	RE: Cracking NT via RAS From: Russ <Russ @ RC . Toronto . on . ca>