Firewalls: Re: Unlimited Users Firewalls

Firewalls
(October 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Unlimited Users Firewalls
From:	"Craig I. Hagan" <hagan @ cih . com>
Date:	Fri, 24 Oct 1997 22:37:04 -0400 (EDT)
To:	Billy Verreynne <vslabs @ onwe . co . za>
Cc:	ygerman @ genre . com, yati @ mod . gov . my, Firewalls @ GreatCircle . COM
In-reply-to:	<199710231629 . SAA08221 @ fw4 . tns . co . za>
Reply-to:	hagan @ cih . com

> dumb snotty nose wannabe hackers a hard on) . But even Unix TCP/IP do not
> always respond as it should - what about SYN stealth scans?

what about them? you are ignoring the disease by addressing the
symptoms. the fact is that you can't yet state with certainity
that MS's tcp code is safe/secure.

> 
> A company I know have been using NT with SQL-Server across a WAN for a
> number of years now. The volumes are pretty high - hundreds of users doing
> OLTP transactions. The problem has never been with TCP/IP on NT, but rather
> with SQL-Server and the Microsoft client (Win95) DB library. 
> 

hundreds of users isn't high volume. more imporatantly, hundreds
of users with what expectation of response time? I would expect
sub-second (200ms) worst case response time for a production
DB engine with so low a load. 


> stable and robust enough IMHO. The problem I believe is that NT's IP is not
> always robust enough to survive a hacker attack.

> NT has received a lot of flak, especially from the Unix lovers, but it is
> still a good operating system and one that is used (as with Unix)
> throughout the world by many companies for running mission critical
> applications.

I would argue that NT still has much more flak to go as fortune 1000
companies start trying to take it out of pilot and into production for
certain 'mission critical' applications. 

I argue that the ideas behind NT -- that unix, although a good operating
system, is too complex for the average business due to the scarcity of
knowledgeable people -- is reasonable. however, to then say that NT is
good because it is the _only_ OS to fill that need (regardless of
shortcomings) is a little premature. Ask me again in five years when NT
has had a chance to incubate a bit longer. Currently, i don't consider it
reasonable to compare a young (few year old) os against unix which has
been around for a generation in terms of robustness, etc. 

-- craig

-------------------------------------------------------------------------------
Craig I. Hagan     "It's a small world, but I wouldn't want to back it up"
hagan(at)cih.com        "True hackers don't die, their ttl expires"
  	"It takes a village to raise an idiot, but an idiot can raze a village"

	Stop the spread of spam, use a sendmail condom!
	     http://www.cih.com/~hagan/smtpd-hacks

References:

Re: Unlimited Users Firewalls
From: "Billy Verreynne" <vslabs @ onwe . co . za>

Indexed By Date	Previous:	Re: Use of VPNs ?? From: "Paul D. Robertson" <proberts @ clark . net>
Indexed By Date	Next:	Re: Unlimited Users Firewalls From: "Paul D. Robertson" <proberts @ clark . net>
Indexed By Thread	Previous:	Re: Unlimited Users Firewalls From: "Billy Verreynne" <vslabs @ onwe . co . za>
Indexed By Thread	Next:	Re: Unlimited Users Firewalls From: "Paul D. Robertson" <proberts @ clark . net>