Great Circle Associates Firewalls
(May 1997)
 


Subject: Re: Firewall
From: Bernd Eckenfels <lists @ lina . inka . de>
Date: Sat, 17 May 1997 20:10:16 +0200
To: Root Admin-KSoft <root @ sibernet . com . tr>
Cc: Lee Nan Phin <nplee @ mol . net . my>, firewall <firewalls @ GreatCircle . COM>
In-reply-to: <Pine . LNX . 3 . 96 . 970515233256 . 132D-100000 @ diderot>; from Root Admin-KSoft on Thu, May 15, 1997 at 11:41:12PM +0300
References: <337A570F . 250C @ mol . net . my> <Pine . LNX . 3 . 96 . 970515233256 . 132D-100000 @ diderot>

Hello,

First of all I personally prefer a Unix (i.e. Linux) Box, cause I know the
weakness of the used Protocols in Unix and from Kernel hacking I feel
comfortable with my knowledge about host security. But I think the following
comments are a bit unfair:

> NT bugs are denial-of-service type.

Since Denial of Service Attacks are usually weaknesses in the protocol, this is
not really an issue here.

> And there was one (I don't know if it
> was fixed) if someone enabled Netbeui over TCP/IP one could easily map
> drives of NT from a distant point...

If I enable NFS on a Unix Box one can do it, too. And with NFS I have much
less authentication, and no User Interface to see which Dirs are exported.

> And since system registry could even be read with Guest account
> (which is predefined in NT) there is another problem.

You can read /etc/passwd on a Unix System with each predefined Guest
Account, too.

> But it involves
> that it is possible to hack administrator account since it is also default.

root is default on Unix, too.

> There was other denial of service bugs in RAS and DNS but as far as I know
> fixed with service pack.

I know a lot of Denial of Service Attacks for bind or pppd.

There is really not much difference between Unix and NT. There are some
additional Protocols which ppl feel unsafe cause they don't know them. This is
true for RPC on Unix too. I would never run portmap on a bastion host, cause
I don't know the weakness of those Protocols.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels @ Wittumstrasse13 . 76646Bruchsal . de --
 ( .. )  ecki @ {inka . de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes @ irc  +4972573817  BE5-RIPE
(O____O)       If privacy is outlawed only Outlaws have privacy


Follow-Ups:
  • Re: Firewall
    From: Root Admin-KSoft <root @ sibernet . com . tr>

References:
  • Firewall
    From: Lee Nan Phin <nplee @ mol . net . my>
  • Re: Firewall
    From: Root Admin-KSoft <root @ sibernet . com . tr>