I'm thinking to myself as I type this, so excuse the verbosity. Betcha
I sector fault more often than you.
Some services are 'open' automatically, like a rumoured SMB 'back door'
that SMS and other services use, and tftp(DHCP), etc. Others services are
not obvious, and a list of what is and isn't obvious doesn't exist in NT
(1st step of security, know what doors are there, then which are open).
UNIX has the /etc/inetd.conf file and the 'netstat -a' command to control
and audit open ports. Simple and clean-cut. With NT you need to grep
through the Registry via various Control Panel utilites or regedit32, and
'netstat -a' lists client side ports only. Seems complex and obscure.
NT's TCP/IP (4-Transport) talks up to Services (6-Presentation) via NETBIOS
(5-Session), but TCP/IP also talks to WinSock Apps, and the User shell
/Program Manager(7-Applicaition) through NETBIOS. I don't know what else
lurks in the kernel besides services, and listens to the stack. Which is
why I ask.
Maybe that's why UNIX folk dislike NT Network Security, it's much harder
to find what doors are open in NT, and to control them with confidence.
Bill
At 02:26 PM 9/4/96 -0500, David Kimball wrote:
>I know I go stupid from time to time. However, I was under the
>impression that all the ports open on an shrink wraped NT box was
>evrething that is listed in the services phile in the /drivers/etc
>dir. No, nix that. Rather they are alternately open/not open depending
>on the actual services/software installed. Am I missing something
>here?
<snip>
|
|
