Great Circle Associates Firewalls
(December 1996)
 


Subject: Re: Unix vs. Windows NT
From: "Jamie Thain" <jthain @ cat . bbsr . edu>
Date: Tue, 10 Dec 1996 20:15:29 -0400
To: "Shaun Fogleman" <sfogleman @ cda . com>, <firewalls @ GreatCircle . COM>

Shaun,

> 
> Could you provide me a location, or a document which gives an
> accurate description of the Unix vs. NT battle which is going on?
> 

The UNIX vs. NT debate. It has been of great interest on this list lately.
I would just hang here for a few days, and you should be able to formulate
an opinion.  

FWIW here is my opinion... 

Both are secure, and both are unsecure.  Meaning... Both can be very
secure, and both can be made very unsecure. I would suggest the
following...

1. Determine a single machine to be a Firewall machine. 
2. Take all of the "extra services" off of the Firewall machine. 
	2(a) Unbind all of the NT services that are not required.
	2(b) Disable any of the UNIX services.
3. Ensure that the admin is set up very simple and very standalone. 
	(Don't globally admin the firewall, as part of a domain) 

The firewall, if it is working properly, should protect any holes in NT. Like
you should not be able to RPC in any way to the firewall machine as it is on
the "inside" of the firewall, and the external card only has the firewall
on it. 

The controversy between the two OS's seems to be like this. 

UNIX source is available, and holes can be found, by looking at the source.

NT source is NOT available so holes have to be probed. 

The "Camps" seemed to be formed with the following thinking.

People who are able to look through the several hundred thousand lines of
the UNIX OS, and determine there is not a hole in any of the code feel
comforted by looking through the source.  

Other people are discomforted by the fact that the hackers have the source
and may be discomforted by it. 

There is also a cost camp which is kinda moot, because if COST is the issue
of your firewall, I think Linux is probably the choice, which is UNIX on a
PC.  

There is also the "ease of use" camp which NT wins if you were a "Windows"
person, and UNIX wins if you used unix for the last five years. 

My last words...

A firewall is meant to carry out a security policy. Both NT and UNIX are
capable of doing this. I would tend to recommend a multi-layered firewall,
with both OS's. That way if a system is broken one day, you don't feel in
that 'Oh shit' position.   As written in "Repelling the Wily Hacker" (I
believe) paraphrased, "..there should be three doors to fall down at any
given time before someone is in..." 

Secure UNIX is one, NT is another. 

regards:jamie 






