I've just inspected my newly arrived NT4.0b2 software. DNS seems to work!
Amazing that DNS can be set up via point and click. DNS setup within the
Solaris and SunOS systems I've set up as firewalls is not a trivial task,
usually taking days or weeks (depending on process time). NT DNS setup
took minutes, even giving you drop-down selections for record types that
you want to add for hosts, zones, addresses, etc. The only drawback I've
seen is not being able to connect to non-NT DNS server properties.

BTW - My opinion is that MS is run by 'Beezelgates', but NT was written by
the VMS guys from DEC, they know UNIX too, and are no dummies.

The use of NT as a firewall platform is unstoppable. However, I still think
that using NT as a base for a firewall system needs to be attacked three ways:
the I/O, the filesystem, and the O.S.

The I/O can be addressed by a 'Raptor' approach, which replaces the network
stack, or listing areas that need attention: Control Panel - Services, and
Networks. Any other areas need attention? Does anyone know of a 3rd party
OPEN SOURCE network stack replacement for NT?

The Filesystem currently can be compromised two ways that I know of, via
Linux boot disk mount, and DOS boot diskette with NTFSDOS.EXE driver. The
filesystem needs to be protected for use as a firewall. Anyone know of a
cryptographic filesystem for NT?

The O.S. has multiple security privileges/holes that need to be watched.
I don't know of a way to watch each and every permission without MS sending
out a feature-stripped version of NT. I know I've had a problem with 3.51
server, 4.0b1 workstation, and seeing all (private user access only) areas
on the 3.51 server with any user logged in on the 4.0b1 workstation. My
belief is that features in Firewalls are holes, and that firewalls should
be functionally stripped. Maybe some company can resell NT with just the
basics installed on CD for a firewall install? How about UNIX kernel with
an NT GUI? That'll fake out our managers! Yeah boss, it's BSD-NT!

Well I'm impressed by the features and functions of NT, and the ever growing
list. But the three areas in NT that need to be addressed for use as a
firewall all seem to need replacement.

Bill
<=======10========20====Ruler for Eudora users==50========60========70========80
William B. Stout | "Stop socialism in America!"
Senior Systems Admin | "Dilbert for President."
Hitachi Data Systems | "Police power today=police state tomorrow."
Open Systems Center | "The secret of life - being part of the process of
Santa Clara, California | creation."
408-970-4822 | #include <sanity_disclaimer.h>
<=======10========20========30========40========50========60========70========80