This is dangerously close to a religious argument, but I can't help but jump
in here. The point that I can't get past is that NT is simply not reliable
enough. Somebody already made the statement that rebooting is fine for
desktops, but not for the infrastructure. That's a really key point, I
think.
Sure, there is firewall software out there for NT. Sure, you can set it up,
run tests against it and say, "Look how secure it is." That may all be true
and it may be very secure, indeed...but none of that matters if you have to
bring down network access to reboot the damn firewall once a week (or more).
Hell, even once a month would be unacceptable in my book...
Between that and Microsoft's track record (with problems and with addressing
security issues), there's no way I could recommend an NT firewall deployment
with a straight face.
I'm not bashing NT, either. If I were to deploy a Lotus Notes installation,
I would recommend that Domino be installed on an NT server without
hesitation...but I certainly wouldn't use NT as part of a security solution.
-----Original Message-----
From: Brian Steele [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 02, 1999 9:47 AM
To: [EMAIL PROTECTED]
Subject: RE: Why not NT?
It seems that people are mis-reading my last message. Or perhaps I didn't
explain myself clearly - more likely the latter, as I should've perhaps used
"implementing", instead of "employing" :-).
When referring to companies who've successfully employing, er, implementing,
firewalls on NT, I was referring to those that have created and are selling
firewall products that run on the NT platform. There are a host of them.
Including Microsoft's Proxy Server (gd&r).
Obviously these companies have a different view regarding NT's security.
IMHO, the anti-NT crowd needs to stop brown-nosing each other concerning the
"insecurity of NT". If they're REALLY interested, then I suggest to them,
take your fingers out, look at the NT-based Firewall products, then provide
opinions about same. If one of these products running on the NT platform
proves to be insecure, then I'm sure many of us would be interested in this
information, as we would about any other firewall applications that prove to
be insecure.
However, I, and am sure many others, are not interested in the usual
pontification concerning NT and its security. Those who know better know
that the security of a system is primarily dependent on who's administering
that system and how it's been implemented, not the OS.
Brian Steele
BTW - were any of the government sites hacked this week running NT?
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
