Date: Wed, 2 Jun 1999 10:43:23 -0400
From: "Raymond Eisenstark" <[EMAIL PROTECTED]>
Subject: Re: Why not NT?
It all depends on your definition of happy and successful; maybe they've
happily and successfully lowered their standards of robustness,
recoverability, security and whatever else might define the differences
between NT-based and other firewalls.
>-----Original Message-----
>From: Brian Steele <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>Date: Wednesday, June 02, 1999 8:38 AM
>Subject: RE: Why not NT?
>
>
>>What's so funny about this whole thread is these guys ranting and raving
>>about NT being not suitable for Firewall work, but many companies are
>>happily, and successfully, employing NT Firewalls anyway.
>>
>>Perhaps what they should really be asking is what do those companies know
>>about employing an NT-based system that they don't.
>>
>>Ignorance is not knowing.
>>Stupidity is the active pursuit of ignorance.
>>
>>Brian Steele
>>
>>
Something to ponder: Many times, I've heard NT gurus point out failures to
properly configure NT as the reason why someone else's experience with NT
was the other person's fault and why every NT *they've* ever configured
went perfectly. In other words, it takes a highly-trained, experienced
person to set up NT.
Now, with that in mind, what is the differentiator between NT and UNIX?
One cannot say that NT is easier, because it still takes a highly-trained,
experienced guru to use it to its highest potential as a server OS. One
cannot say that NT is faster, nor more scalable. Cheaper? Yes. In *some*
instances, it is less expensive. Its cost-effectiveness decreases as it is
scaled up to meet real-world enterprise solutions.
Why not NT? Long-term costs and reliability. Vulnerability to various
forms of DoS attacks, et cetera ad infinitum.
Biggest reason to reject NT as a firewall OS: You can't strip NT down to
the bare bones. You *have* to keep the GUI, which was made a part of the
kernel over Dave Cutler's protests. The GUI is the biggest source of bugs
that threaten a firewall. When Microsoft comes out with a GUI-independent
version of NT, I'll revisit it as an OS. (Then, it might more closely
resemble its progenitor, VMS.)
--John K.
UNIX/Network Systems Engineer