Ok, all, not to make a blatantly commercial statement here...hold your
flames!! However, at Milkyway, our evaluation of the NT stack caused us to
completely throw it out and *replace it* with a fully hardened stack. As
far as I know, we are the only FW company producing an NT version that does
that, rather than just patching / diddling with the NT version of the
stack. Of course, we believe we have the better mouse trap!!!! Download an
eval at http://www.milkyway.com if you want to check it out. I say that
this is not a "commercial posting" in that I am merely agreeing that others
feel the NT stack is not secure, but to educate that there ARE ways to have
NT and still be secure!
Comments welcome ... Flames ignored with vigor!
Steve Kruse
At 03:12 PM 11/5/97 +0000, Franco RUGGIERI wrote:
>Billy,
>maybe I'm biassed by my deep love towards a company whose workhorse (dubbed
>by the year it was finally released) too many times so far has left me
>stranded, by just losing few, but meaningful, kilobytes of key stuff.
>When you say: "The problem I believe is that NT's IP is not always robust
>enough to survive a hacker attack." you are firing an A-bomb, IMHO. Aren't
>you?
>Do I correctly understand you if I say that, since firewalls are here to
>ward off hackers' attacks, it's better not to rely on an NT since its IP
>isn't up to the task we want to use it?
>This reminds me of having heard that, in the early decades of this century,
>a racing car maker overlooked the importance of brakes by saying: "My cars
>are to run, not to stop". It has disappeared from the marketplace.
>
>-------------------------------
>Franco RUGGIERI
>fruggieri @ selfin . net
>
>----------
>> From: Billy Verreynne <vslabs @ onwe . co . za>
>> To: ygerman @ genre . com; yati @ mod . gov . my
>> Cc: Firewalls @ GreatCircle . COM
>> Subject: Re: Unlimited Users Firewalls
>> Date: Thursday 23 October 1997 10.32
>>
>> > ygerman @ genre . com wrote:
>> <snip>
>> > I would also say stay away from NT firewalls because the NT TCP/IP
>> > stack is not as robust as Unix in a high volume environment.
>>
>> On what facts do you base this? AFAIK the problems with Microsoft's
>> implementation of TCP/IP have more to do with incorrectly handling packets
>> that were incorrectly assembled (e.g. the OOB problem which gave all the
>> dumb snotty nose wannabe hackers a hard on). But even Unix TCP/IP does not
>> always respond as it should - what about SYN stealth scans?
>>
>> A company I know have been using NT with SQL-Server across a WAN for a
>> number of years now. The volumes are pretty high - hundreds of users doing
>> OLTP transactions. The problem has never been with TCP/IP on NT, but rather
>> with SQL-Server and the Microsoft client (Win95) DB library.
>>
>> I have worked with NT since the first beta, and TCP/IP IMHO was never a
>> problem, but rather the use of it (like running NetBIOS pipes across TCP/IP
>> instead of using sockets). Of course Microsoft was naive in believing they
>> could implement the RFCs for TCP/IP without paying much attention to wrong
>> IP packets. But remember these IP packets are almost always the result of
>> hacker attacks. In a standard high volume business environment NT's IP is
>> stable and robust enough IMHO. The problem I believe is that NT's IP is not
>> always robust enough to survive a hacker attack.
>>
>> NT has received a lot of flak, especially from the Unix lovers, but it is
>> still a good operating system and one that is used (as with Unix)
>> throughout the world by many companies for running mission critical
>> applications.
>>
>> regards,
>> Billy
>
*****************************************************
* Steve Kruse Milkyway Networks *
* Network Systems Engineer 1342 E. Vine St. #224 *
* 407-847-8977 Voice Kissimmee, FL 34744 *
* 407-847-7203 Fax http://www.milkyway.com *
*****************************************************