> Could you provide me a location, or a document which gives an
> accurate description of the Unix vs. NT battle which is going on?
The UNIX vs. NT debate. It has been of great interest on this list lately.
I would just hang here for a few days, and you should be able to formulate
FWIW here is my opinion...
Both are secure, and both are unsecure. Meaning... Both can be very
secure, and both can be made very unsecure. I would suggest the
1. Determine a single machine to be a Firewall machine.
2. Take all of the "extra services" off of the Firewall machine.
2(a) Unbind all of the NT services that are not required.
2(b) Disable any of the UNIX services.
3. Ensure that the admin is setup very simple and very standalone.
(Don't globally admin the firewall, as part of a domain)
The firewall if it is working properly should protect any holes in NT. Like
you should not be able to RPC in anyway to the firewall machine as it is on
the "inside" of the firewall, and the external card only has the firewall
The controversy between the two OS's seems to be like this.
UNIX source is available, and holes can be found, by looking at the source.
NT source is NOT available so holes have to be probed.
The "Camps" seemed to be formed with the following thinking.
People who are able to look through the several hundred thousand lines of
the UNIX OS, and determine there is not a hole in any of the code feel
comforted by looking through the source.
Other people are discomforted by the fact that the hackers have the source
and may be discomforted by it.
There is also a cost camp which is kinda moot, because if COST is the issue
of your firewall, I think Linux is probably the choice, which is UNIX on a
There is also the "ease of use" camp which NT wins if you were a "Windows"
person, and UNIX wins if you used unix for the last five years.
My last words...
A firewall is meant to carry out a security policy. Both NT and UNIX are
capable of doing this. I would tend to recommend a multi-layered firewall,
with both OS's. That way if a system is broken one day, you don't feel in
that 'Oh shit' position. As written in "repelling the wylie hacker" (I
believe) paraphrased, "..there should be three doors to fall down at any
given time before someone is in..."
Secure UNIX is one, NT is another.