On Thu, 11 Apr 1996, Norton, Dave wrote:
> Second, without being too explicit, can someone out there tell
> me of their real tried and tested assessment as to the "swiss
> cheese" factor concerning security of the NT OS.
One thing you must remember is that NT is very new (deployed for only a
couple of years) and that it's code base has been heavily modified during
that time period. IMHO, it is too young to be considered "tried and tested".
> Some of our
> "NT rocket scientists" around here persist in claiming that UNIX is
> not a secure environment, whereas NT is. I have to continually
> tell them that UNIX is much more secure(able) because we know
> where the holes in the cheese are...
And those holes have been plugged. This type of pissing match will never
come to a resolution because it is mostly about personal opinions. Where
UNIX wins hands down is that you can show in the firewalls literature
that experts have studied the security profile of UNIX and given
detailled recipes for securing UNIX system and for using UNIX systems
as secure network gateways. NT doesn't have this.
> Any comments, feedback from outside my organization will be greatly
The other important factor is the attitude of the people charged with
maintaining these systems. Any O/S can be installed and configured in an
unsecure manner. Security starts with people who have the right attitude
and who will make sure that systems are properly configured. In some
cases this means you need to tell your bosses, "my way or the highway".
It's like being a private in the army assigned to guard the gate of a
compound. A 4-star general drives up and asks to be let in. If the
general doesn't have the password, would the private let him in?
What woul the general do? What would the different possible scenarios tell
you about the quality of the army?
If you are responsible for maintaining security and don't feel that you
can do so with the tools at hand, you need to either get the tools
changed or go someplace else where you can do your job properly.
Michael Dillon Voice: +1-604-546-8022
Memra Software Inc. Fax: +1-604-546-3049
http://www.memra.com E-mail: michael @