Yeah, incredible but true. However, for those that are genuinely
interested, the full URL to that document is here:
http://www.microsoft.com/proxy/common/Coopers.exe
A few noteworthy points...According to M$:
"Coopers & Lybrand LLP (C&L) conducted a four phase
evaluation program that reviewed Installation, Configuration,
Security Feature Analysis, and Penetration Testing in an
effort to "unearth" any security vulnerabilities of Microsoft
Proxy Server."
C&L claim that the product withstood attacks from "...well-known and
well documented tools, such as the public domain tools Internet Security
Scanner and Satan..." Immediately following this, C&L advises that
"...without careful installation, monitoring, and observation, any
computing product or system may be vulnerable to exploitation..." In
other words, "..we evaluated this product, but we cannot vouch for it,
nor place our reputation on the line."
Moreover (and even more incredibly) C&L go on to say that the Proxy
Server uses NT 4.0 as its platform and therefore, 4.0's IP forwarding
"may" present some security issues. Let me repeat that: IP forwarding
MAY present some security issues.
Whatever. Meanwhile, are they saying that if a target survives a scan by
SafeSuite or SATAN, that it's okay? (Maybe Ballista would have been a
better choice as it is a more recent development. I wonder, did they try
scanning it with Jakal?) Okay enough to give it this "Security Seal of
Approval" that M$ is parading around? Hahahaha. Not the Security Seal of
Approval. Anything but that. That - and about 1.75 - will get you...
Follow-Ups:
References:
|
|
