Great Circle Associates Firewalls
(July 1996)
 


Subject: Re: NT Backoffice "Catapult" firewall certified?
From: Ron DuFresne <dufresne @ winternet . com>
Date: Tue, 2 Jul 1996 14:04:29 -0500 (CDT)
To: John Betts <johnb @ aztec . co . za>
Cc: David LeBlanc <dleblanc @ iss . net>, firewalls @ GreatCircle . COM
In-reply-to: <199607011443 . QAA30859 @ rbit . co . za>
Posted-date: Tue, 2 Jul 1996 14:04:29 -0500 (CDT)

On Mon, 1 Jul 1996, John Betts wrote:

> % This isn't true.  Guest doesn't have permissions to write the registry.
> % Besides which, the first thing you do when setting up an NT machine is to
> % disable guest.  Somewhat like taking the + out of the rhosts file on a Sun.
> % 
> 
> In my haste to clear my mailbox, I didn't give 100% truths.
> 
> I didn't mean to imply that Guest could do _anything_ to the registry,
> just some things (remotely).
> 
> Not every person who puts NT boxes (or any other unix box for that matter)
> on the Internet knows about things like disabling guest account,
> setting permissions on shares correctly, etc.
> 
> I am fairly sure that _MY_ nt box is fairly secure, but that's only
> because I spent time going through anything that I could think of
> to secure it.
> 
> My main point against NT firewalls is the following: 
> _as a general rule_ people who want NT firewalls, want them
> because any tom, dick and harry can get them going, without 
> extensive knowledge of security and tcp/ip.
> 
> I have no problem with firewalls that are so easy to administer, etc.,
> BUT, generally, the people who set up these easy-to-use firewalls
> don't know/think about things like disabling guest account
> (I know, lame example), or setting permissions on shares (or disabling
> all shares, or whatever), etc, and if the firewall software doesn't
> do this for them, then their firewall host can be easily compromised....
> 
> It takes time and knowledge (well, more like common sense) to make an NT box 
> secure(ish).  We all know that a large majority of ppl who insist on NT
> because of its ease of use, and requirement for little to no knowledge
> of system administration and security, don't have the time and knowledge
> to secure their box.
> 
> 

John,

I think Russ was also trying to point out that the same applies to unix 
based systems as well.  They aren't secure out of the box, it takes 
special expertise to secure them, and thus, there's nothing here that 
makes them really any different than a unix based system.  The main 
point here being, don't let your OS religion color your judgement.

Later,

Ron Dufresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


