I don't believe that the "real" problem is that anyone thinks that NT is so
much less secure than Unix. The argument is true as far as my experience has
taught me; any OS can only be as secure as the SysAdmin who secures, and
monitors, it. However, what my experience has also taught me is that, and
perhaps it's due to the graphical nature of NT, that many NT SysAdmins don't
"really" know what's going on under-the-hood. It seems all to easy to click
a button here, uncheck a checkbox there. But does that really do what we are
all thinking that it does!? The answer is an almost certain NO. If your shop
has strong NT SysAdmin expertise, that's great, however, if the SysAdmin
expertise is in administering a File/Print server, then, in my opinion, the
SysAdmins need more training. Not to say that File/Print servers don't
require security measures, however, there are many more things to consider
with a FW than there are with an internal File/Print server.
I have been both an NT SysAdmin and am know a Unix SysAdmin (Solaris
particularily) and I love administering Unix more. That is just my
preference. I love NT for File/Print services and application servers. In
many arguments, the NT-lovers are going to win the argument about NT being
more secure, in others, they are going to lose. I think, and these are only
my opinions here, that NT comes with more security capabilities than Unix.
That said, I also believe that NT is harder to "really tighten down to an
acceptable secure level" than Unix. Unix is very modular and has a lot more
free software and code available than NT does, so the argument tends to head
the other direction in favor of Unix. However, I feel that Unix is more
stable than NT. The question isn't as much a concern over the security, as
it is the stability (atleast for me).
There,
-Tim
> -----Original Message-----
> From: Jack Coates [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, May 24, 2000 6:31 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [FW1] Evidence of NT security problems?
>
>
> All these points are valid, but there's also the group mentality to
> consider, which means that the best product isn't always the one which
> gets implemented on a large scale. NetWare 3.12 was a pleasure to work
> with, as was NetWare 4.11.
>
> And I have to disagree about MS products making good doorstops, the
> boxes are flimsy and the documentation is thin. Now a Toshiba laptop
> makes an excellent doorstop, perhaps with an MS manual crammed into it
> to keep the lid halfway up :-)
>
> --
> Jack Coates, Rainfinity SE
> e: [EMAIL PROTECTED]
> t: 650-962-5301
> m: 650-280-4376
>
>
> Richard Thornton wrote:
> >
> > Well I never thought I was say this, but I agree. There are many
> factors to consider when putting together any solution. I am a true Unix
> bigot, but there are times when it makes sense to go with another
> solution. (Please don't tell anyone at
> > my company I said this, I have a rep to maintain...) :-) If the
> person charged with the task doesn't have the necessary skill set to
> support Unix and the other OS will do the job, does it really make sense
> to put in a Unix solution? Don't
> > get me wrong, I hate MicroSoft. I really believe it to be a third rate
> product, but there are times when it makes sense to use it. I have yet to
> find a better door stop than MicroSoft products. <grin>
> >
> > Regards, Richard Thornton
> >
> > "McMeekin, Scott" wrote:
> >
> > > NT is perfectly capable of serving as a firewall. Don't let the "my OS
> can
> > > batter your OS" idiots confuse you. I've been a UNIX guy for years and
> > > years, but even I have to say that NT and UNIX are similar from a
> security
> > > perspective in one undeniable aspect: your system will only be as
> secure if
> > > it is configured properly. Throw a couple of nice fast processors and
> a
> > > decent HD or two at NT and you have a perfectly good firewall
> platform. Sun
> > > will do nicely too - as long as you have the skill resources available
> to
> > > support it and secure it properly. Before you go believing arbitrary
> > > statements from people about the security of an OS, do your own cost
> and
> > > risk assessments. Consider how much it would cost to employ a
> dedicated UNIX
> > > resource against giving your existing NT guys additional security
> training.
> > >
> > > The whole "UNIX vs NT" argument is a complete waste of time. I love
> unix,
> > > and I'll admit to being biased towards the Solaris and for preference
> the
> > > Nokia solutions because when I'm administering them, I know what's
> going on
> > > all the time, unlike the pseudo-black box nature of NT, coupled with a
> > > deep-rooted mistrust of all things Microsoft (I'm waiting for them to
> > > release their own firewall software with a bloody flight sim hidden in
> it).
> > > However, if you already have a dedicated and strong NT skillset within
> your
> > > company, you might as well consider just having an NT firewall.
> > >
> > > Scott.
> > >
> > > -============================-
> > > Scott McMeekin (x25086)
> > > Senior Technical Analyst
> > > IT Telecoms
> > > The Royal Bank of Scotland
> > > Phone: +44(0)1315235086
> > > Email: [EMAIL PROTECTED]
> > > -============================-
> > >
> > > > -----Original Message-----
> > > > From: Matt Little [SMTP:[EMAIL PROTECTED]]
> > > > Sent: Tuesday, May 23, 2000 10:06 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: [FW1] Evidence of NT security problems?
> > > >
> > > >
> > > > *** Warning : This message originates from the Internet ***
> > > >
> > > >
> > > > Hello all,
> > > >
> > > > We have NT firewalls and expertise here and the general opinion is
> to
> > > > stick with that as it the the OS we have most knowledge in.
> > > >
> > > > However, we have been advised that NT is 'full of holes' and UNIX is
> the
> > > > most secure OS and we do have some knowledge of UNIX.
> > > >
> > > > I'm aware that there are performance advantages of running FW-1 on
> UNIX,
> > > > but that aside, I was wondering if anyone has, or could point me to,
> any
> > > > evidence of running FW-1 on NT as being a serious security problem.
> > > >
> > > > Thanks,
> > > >
> > > > Matt Little
> > > >
> > > >
> > > >
> > > >
> ==========================================================================
> > > > ======
> > > > To unsubscribe from this mailing list, please see the
> instructions at
> > > > http://www.checkpoint.com/services/mailing.html
> > > >
> ==========================================================================
> > > > ======
> > >
> > > The Royal Bank of Scotland plc is registered in Scotland No 90312.
> Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB.
> > >
> > > The Royal Bank of Scotland plc is regulated by IMRO, SFA and Personal
> Investment Authority.
> > >
> > > This e-mail message is confidential and for use by the addressee only.
> If the message is received by anyone other than the addressee, please
> return the message to the sender by replying to it and then delete the
> message from your computer.
> > >
> > > 'Internet e-mails are not necessarily secure. The Royal Bank of
> Scotland plc does not accept responsibility for changes made to this
> message after it was sent.'
> > >
> > >
> ==========================================================================
> ======
> > > To unsubscribe from this mailing list, please see the
> instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > >
> ==========================================================================
> ======
> >
> >
> ==========================================================================
> ======
> > To unsubscribe from this mailing list, please see the instructions
> at
> > http://www.checkpoint.com/services/mailing.html
> >
> ==========================================================================
> ======
>
>
> ==========================================================================
> ======
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
