What bothers me about this discussion is "NT people"
in general (and some "Unix people" too) can't see
past the GUI.
Yes, there are services.
Yes, most of them have off buttons.
Yes, given half a brain you can even delete the .EXE files.
Let's see now.
Is there an off button for layer crosstalking in the IP stack?
Is there an off button for user-written applications running
in Kernel space? (this is a big no-no for security)
Is there an off button for all the application parsing code
INSIDE the IP-stack?
Ack. I could go on ranting for hours...
It all really boils down to this:
Forget about being a zealot. If a particular OS
(or lack thereof?) does the job better than your
current operating system of choice, swallow your
pride and USE that product!
Security is one area where we simply cannot
afford being religous.
Let's end this thread now and stop making life
easier for the computer criminals out there.
I'm nearly convinced that some of the seemingly
religious postings saying "use this and that
not-so-well-known firewall on NT and you'll be
fine" is some crook trying to convince the not-so-clued
admins to build flawed security solutions.
Yours,
Mike
[EMAIL PROTECTED] wrote:
>
> ] "John Wiltshire" <[EMAIL PROTECTED]>
> ] > From: Paul D. Robertson <[EMAIL PROTECTED]>
> ] > Second: Baggage/Design. You can't pare that sucker down to essential
> ] > services and code. Worse yet, most of what you'd worry about isn't
> ] > documented well enough to help in an attempt. There's also a great deal
> ] > of non-IP networking baggage, and perhaps some IP networking baggage
> ] > that
> ] > doesn't seem to have an off button. In fact, lack of off buttons is a
> ] > big thing overall. Sometimes the off buttons are undocumented registry
> ] > settings - what a joy that is to replicate!
> ]
> ] Such as? I can pare down my NT machines to exactly the processes and services I
>want running. Why not run the network
> ] control panel and remove everything you don't want? Look at the services control
>panel and the "Stop" button. Looks
> ] like a great big off switch to me.
>
> There is a very big difference between turning a service OFF, and removing
> the service from the system. Which is the point Paul was making. If the
> service can be turned off, then it can be turned on again easily. If it is
> removed completely from the system, then it has to be installed (to be [ab]used).
>
> -
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
