% This isn't true. Guest doesn't have permissions to write the registry.
% Besides which, the first thing you do when setting up an NT machine is to
% disable guest. Somewhat like taking the + out of the rhosts file on a Sun.
%
In my haste to clear my mailbox, I didnt give 100% truths.
I didnt mean to imply that Guest could do _anything_ to the registry,
just some things (remotely).
Not every person who puts NT boxes (or any other unix box for that matter)
on the Internet knows about things like disabling guest account,
setting permissions on shares correctly, etc.
I am fairly sure that _MY_ nt box is fairly secure, but that's only
because I spent time going through anything that I could think of
to secure it.
My main point against NT firewalls is the following:
_as a general rule_ people who want NT firewalls, want them
because any tom, dick and harry can get them going, without
extensive knowledge of security and tcp/ip.
I have no problem with firewalls that are so easy to administer,etc,
BUT, generally, the people who setup these easy-to-use firewalls,
dont know/think about things like disabling guest account
(I know, lame example), or setting permissions on shares (or disabling
all shares, or whatever), etc, and if the firewall software dosnt
do this for them, then their firewall host can be easilly compromised....
It takes time and knowledge (well, more like common sense) to make an NT box
secure(ish). We all know that a large majority of ppl who insist on NT
because of its ease of use, and requirement for little-to no knowledge
of system administration and security, dont have the time and knowledge
to secure their box.
I hope that I did not offend or mislead anyone here.
if so, I'm sorry, and you are welcome to flame my procmail^H^H^H^H^H^H^H^Hme ;-)
ciao
--
John
--
John Betts, Aztec Internet Services Port Elizabeth, South Africa
johnb @
aztec .
co .
za, Tel. +27(0)41 303 475, Fax. +27(0)41 301 052
The world is complex. The Sendmail configuration reflects this.
Follow-Ups:
|
|
