NT is the black box software package 'in persona'. When describing specific
NT security mechanisms and internal system calls during discussions with NT
experts such as Dominique, Russ, David, and others, we think we finally have
it licked when some 'new functionality' is discovered. The existing NT TCP
'advanced filtering' option in the network control panel is not to be
trusted, since adjusting it doesn't always block what you want to block.
Presently NT network services run in kernel mode; I don't know what would
happen to performance if a stack ran as an IP filtering/reporting application
using direct hardware calls.
I submit that a protocol stack must be totally isolated from NT (services),
and port access (in both directions!) must be closed by default. In
addition, reporting must be present to report inbound and outbound attempts
(also occasionally mysterious).
NT does have network services which may not be obvious, or which start 'on
their own'. The services control panel (as with all other control panel
applets) should not be viewed as the comprehensive control source for that
item, but only as a database form for that item, viewing predetermined
portions of the database known as 'the NT registry'. BTW - DLLs called by
registry entries may not be what was shipped.
Hmm, public crystal box code filtering stack for NT. Reminds me of
TIS-fwtk. I like it!
Bill Stout
P.S. - The 'Cryptography Manifesto' rambles, but many facts it contains are
true, verifiable and chilling. - (Bill Stout beginning to be a strong
4,096-bit PGP advocate.)
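As an added example of the point above that the Services control panel is only a view onto the registry, and that the DLLs named there may not be what shipped: the following Python (not code from the original post or from any NT tool) parses an exported Services hive in .reg text form and compares each service's start type and loaded modules against a baseline of what is expected. The sample export, the baseline table, and the service and path names in them are constructed for illustration; only the .reg syntax (quoted strings, dword:, and the hex(2) UTF-16LE encoding regedit uses for REG_EXPAND_SZ) is real.

```python
"""Audit an exported Services registry hive (.reg text) against a baseline
of shipped binaries. Added example with constructed data; the baseline and
the sample services are assumptions, not a real NT installation."""
import re

SERVICES_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
START_NAMES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Constructed export. "Listener" and the Browser ServiceDll are the planted
# oddities; hex(2) is how regedit really writes REG_EXPAND_SZ values.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer]
"Type"=dword:00000020
"Start"=dword:00000002
"ImagePath"="%SystemRoot%\\System32\\services.exe"
"DisplayName"="Server"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser]
"Start"=dword:00000002
"ImagePath"="%SystemRoot%\\System32\\services.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters]
"ServiceDll"="C:\\TEMP\\browser.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Start"=dword:00000004
"ImagePath"="%SystemRoot%\\System32\\services.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Listener]
"Start"=dword:00000002
"ImagePath"=hex(2):43,00,3a,00,5c,00,6f,00,64,00,64,00,5c,00,6c,00,69,00,73,00,\
  74,00,65,00,6e,00,2e,00,65,00,78,00,65,00,00,00
'''

# Assumed baseline: service name -> modules it is expected to load (lowercased).
BASELINE = {
    "lanmanserver": {r"%systemroot%\system32\services.exe"},
    "browser": {r"%systemroot%\system32\services.exe",
                r"%systemroot%\system32\browser.dll"},
    "messenger": {r"%systemroot%\system32\services.exe"},
}

_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def _decode(raw):
    """Decode one .reg value literal: quoted string, dword, or hex(n) bytes."""
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])          # un-escape \\ and \"
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if m.group(1) == "2":                               # REG_EXPAND_SZ, UTF-16LE
            return data.decode("utf-16-le").rstrip("\x00")
        return data
    return raw


def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: value}}, joining the
    backslash line continuations regedit emits for long hex values."""
    keys, current, pending = {}, None, ""
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ""
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line:
            m = _VALUE_RE.match(line)
            if m:
                keys[current][m.group(1) or ""] = _decode(m.group(2))
    return keys


def services_from(keys):
    """Collapse keys into {service: {start, modules}}. The Parameters\\ServiceDll
    value is what the host process actually loads, so it counts as a module."""
    prefix = SERVICES_KEY.lower() + "\\"
    services = {}
    for key, values in keys.items():
        if not key.lower().startswith(prefix):
            continue
        parts = key[len(prefix):].split("\\")
        svc = services.setdefault(parts[0].lower(), {"start": None, "modules": set()})
        if len(parts) == 1:
            if isinstance(values.get("Start"), int):
                svc["start"] = values["Start"]
            if values.get("ImagePath"):
                svc["modules"].add(str(values["ImagePath"]).lower())
        elif len(parts) == 2 and parts[1].lower() == "parameters" and values.get("ServiceDll"):
            svc["modules"].add(str(values["ServiceDll"]).lower())
    return services


def audit(reg_text, baseline=BASELINE):
    """Return sorted (service, finding) pairs: services that start on their own
    but are not in the baseline, and baseline services loading unlisted modules."""
    findings = []
    for name, svc in services_from(parse_reg(reg_text)).items():
        expected = baseline.get(name)
        if expected is None:
            if svc["start"] in (0, 1, 2):
                findings.append((name, "%s-start service not in baseline, runs %s"
                                 % (START_NAMES[svc["start"]],
                                    ", ".join(sorted(svc["modules"])) or "?")))
            continue
        for mod in sorted(svc["modules"] - expected):
            findings.append((name, "loads unexpected module %s" % mod))
    return sorted(findings)


if __name__ == "__main__":
    for service, finding in audit(SAMPLE_REG):
        print("%-14s %s" % (service, finding))
```

On the constructed export this flags Browser for loading browser.dll from C:\TEMP instead of System32, and Listener as an auto-start service that the baseline never heard of; Messenger is disabled and LanmanServer matches, so neither is reported. In practice the baseline would be generated from a freshly installed machine (and the listed files hashed as well as path-checked), and the export taken with regedit rather than trusted to the control panel view.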