Great Circle Associates Firewalls
(December 1997)
 


Subject: Re: NT as a central intranet firewall
From: ccurtis @ facm . fit . edu
Date: Tue, 9 Dec 1997 12:31:51 -0500 (EST)
To: firewalls @ GreatCircle . com
In-reply-to: <Pine . GSO . 3 . 95 . 971208195627 . 2280A-100000 @ nebula>

On Mon, 8 Dec 1997, Jyri Kaljundi wrote:

> I don't think NT can be used as an Intranet firewall. If you want heavy
> duty, go with Solaris Sparc. If you have a budget but still want a
> reliable Unix, choose Solaris x86 on Pentium Pro. 
> 
> In Intranets you probably want to do 100Mbps real soon if you are not
> using it already, and NT TCP/IP I have heard gives out much less as I have
> heard. 

As a point of correction:  I believe that the NT TCP/IP *stack* can handle
a 100Mb load, the problem is that it can't pump that data out of the
filesystem.  That is, you can do 100Mbps, but in order to do so you cannot
use NTFS, you must use FAT.  And on the other hand, if you want security,
you have to use NTFS.  This shouldn't be a factor as a firewall, though,
as they shouldn't be sending stuff off the hard drive anyway.  (However,
unless you have 64MB RAM, it'll probably be swapping, so...)

My opinion of the stack itself is not so grand, at least not in 4.0, but I
have no desire to rehash that one.  Just be sure to get FixPak 3 and _all_
the hotfixes released so far.  Also be sure to realize that Microsoft is
not in the business of security.  They, just like Intel, don't like to
admit mistakes, and will often deny that problems exist for extended
amounts of time.  What that means to you is even when there are exploits
available that will take down your servers, Microsoft will often remain in
denial, and leave you in the cold ... when was the last time you heard a
Microsoft press release stating patches for holes in their OS?  And why
did Microsoft threaten to sue organizations like CERT for releasing
exploit information? 

This is not a company I would put _my_ trust in.  YMMV.

Christopher


