We have a sister organization with a VPDN interconnected with
our own with only router ACLs between 'em, filtering on "trusted"
and "semi-trusted" IP address ranges only. Our org has limited
security consciousness, theirs has none... They insist on putting
Digi-boards directly on NT appl servers, and allow remote direct
dial access into same [...cringe :-( ].
I imagine that war dialers and password guessing programs will
work just as well on NT/RAS as UNIX - why not - so, if an interloper
can gain a session on a "trusted" NT host, he/she ought to be able
to freely island-hop over to our IP VPDN with impunity, right?
Second, without being too explicit, can someone out there tell
me of their real tried and tested assessment as to the "swiss
cheese" factor concerning security of the NT OS. Some of our
"NT rocket scientists" around here persist in claiming that UNIX is
not a secure environment, whereas NT is. I have to continually
tell them that UNIX is much more secure(able) because we know
where the holes in the cheese are... That we don't hear about
NT security problems much because there hasn't been enough
elapsed time since its birth to thoroughly probe and exploit it...
Any comments, feedback from outside my organization will be greatly
appreciated, because I blew all my intellectual credibility in-house
when I accepted employment here... Sorry, but I can't tell you who
we are, 'cause of what I've divulged to the world in this posting...