In some mail from William Beem, sie said:
>
> More likely that most folks don't know about the security holes in NT yet.
> UNIX holes receive a fair amount of attention, which often causes a furor
> and a fix. Microsoft remains rather tight-lipped about holes in Windows NT.
>
>
> I rather prefer the UNIX approach of knowing what's wrong with it, so I can
> make a reasonably intelligent assessment regarding the security of my
> servers. Microsoft seems unwilling to tell me what's wrong with NT. Maybe
> that's why I have more UNIX boxes at work than NT servers.

Considering the last 12 weeks, would you build a firewall using HP-UX ?

I'm working on setting up a secure system and one of the first things I
did after installation was:

    find / -type f \( -perm -02000 -o -perm -04000 \) -print

sorted out what I wanted to set setuid/setgid and the rest went off!

Prior to this 3 months ago, HP-UX had been "quiet" compared to Solaris2
so far as security problems are concerned, but now I guess the push to
make it easier to manage for non-root is showing. The number of programs
and the list itself of setuid-root things is puzzling, indeed!

Maybe when some of us have replaced all the NT programs with GNU versions,
rewritten their network daemons and have more options than the COTS product,
it'll be taken more seriously.

To give you an example of problems that are possible, I've seen a custom
screenlock written for Windows 3.11 that was vulnerable to a buffer overrun
problem.

Also, who wants to run a GUI on their Firewall ? Do all those application
proxies need that fancy screen stuff ? Probably not. Are they safe ? Who
knows. Can you take it away ? No.

Compare that to Unix, where all systems by default will work quite well
without any GUI, so building a Firewall on a stripped-down system becomes
much easier.

Darren
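
The setuid/setgid audit described in the message above, written out as an added example that is not part of the original mail: it runs the same `find` test, compares the result with an allowlist of programs that are meant to keep the bits, and clears the bits on everything else. The function names `audit_suid` and `strip_suid` and the one-path-per-line allowlist file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: keep setuid/setgid only on an explicit allowlist.
# The allowlist is a plain file with one absolute path per line (assumed format).
# Paths containing newlines are not handled.

# audit_suid ROOT ALLOWLIST
# Prints every setuid or setgid regular file under ROOT that is not allowlisted.
audit_suid() {
    root=$1
    allow=$2
    # Refuse to run without a readable allowlist; otherwise every file
    # would look "unlisted" and strip_suid would clear all of them.
    if [ ! -r "$allow" ]; then
        echo "audit_suid: cannot read allowlist $allow" >&2
        return 2
    fi
    # Same permission test as the command in the message; -xdev keeps the
    # walk on one filesystem so network or removable mounts are skipped.
    find "$root" -xdev -type f \( -perm -02000 -o -perm -04000 \) -print |
    while IFS= read -r f; do
        # -F fixed string, -x whole line: the path must match exactly.
        grep -Fxq -- "$f" "$allow" || printf '%s\n' "$f"
    done
}

# strip_suid ROOT ALLOWLIST
# Clears setuid and setgid on everything audit_suid reports.
strip_suid() {
    audit_suid "$1" "$2" |
    while IFS= read -r f; do
        chmod u-s,g-s -- "$f" && printf 'stripped %s\n' "$f"
    done
}
```

Run `audit_suid / /path/to/allowlist` first and review its output before calling `strip_suid` with the same arguments; re-run the audit after vendor patches, which can restore the bits.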