RE: OS Platform for firewall

Tue, 12 Jan 1999 03:21:04 -0500 

        Roger Marquis answered the following:

        >I have no use for generalizations either but there are several
solid
        >reasons why Unix is more secure and reliable than NT in any server
        >environment, especially as a firewall.

        >System logs are one reason.  How do you send one NT host's logs to
another
        >host, or several other hosts (for non-repudiation).  Answer: you
        >can't.  How do you parse through multiple logs quickly using any
text
        >viewer in NT?  Answer: you can't.  How do you discriminate between
        >NetBIOS and DNS names and IP addresses?  Once again: you can't do
this
        >under NT.

        >Remote access is important in any server farm.  Sure you can setup
        >RAS+VBscript+various other hacks under NT but it is not going to be
        >reliable.  Under Unix you install SSH for encrypted access
including
        >X11, even including public-key authentication.  SSH is rock solid.

        I would not comment on this since some of the things mentioned CAN
be done in
        one way or another. However the writer assumes that things done in 
        UNIX should be done the same way  in NT. This will never be correct.

        >And if the server goes down?  The last large shop I worked at which
        >used NT proxy firewalls had to reboot at least 3 times a week.
This
        >was with the best NT system administration available.  I've never
seen
        >a well setup Unix firewall crash 3 times in a year.

        We use NT for numerous tasks. Of our more then 20 NT server I cannot

        recall one crash in the last year. Problems - yes, but no crash and
        lost of service (maybe you run NT 3.5x - boxes they used to crash).
        There is no need to spread F.U.D about this.

        >And what do you do when your NT firewall crashes, which it will do
        >frequently?  You really have no choice but to get to the console
and
        >power cycle the thing.  NT has no provision for a serial console.
You
        >have to get up at 4am to drive to work and reboot your NT
servers...
        >These are not "generalizations" or other marketing hype they are
the
        >dirty truths about NT servers.

        As I have said, we have no experience with crashes. However NT can
reboot after
        a real crash (not after hang condition). Remote boot facility is
available from
        most of the major vendor (HP, COMPAQ ETC.). It even supports
callback functions

        In general, Unix management is more primitive then NT's- as it needs
fewer and simpler 
        tools to run and also a lot of freeware is available. However it
needs higher skills to 
        do it. NT/UNIX management demonstrates the famous economic tradeoff
LABOR VS.
        CAPITAL. With CAPITAL investment in software, NT will run by less
labor.


Arik Sudman
Senior Project Manager
Bezeq

Any views or opinions presented are solely those of the author and do not
necessarily represent those of the Bezeq  unless otherwise specifically
stated.




> I have no use for generalizations either but there are several solid
> reasons why Unix is more secure and reliable than NT in any server
> environment, especially as a firewall.
> 
> System logs are one reason.  How do you send one NT host's logs to another
> host, or several other hosts (for non-repudiation).  Answer: you
> can't.  How do you parse through multiple logs quickly using any text
> viewer in NT?  Answer: you can't.  How do you discriminate between
> NetBIOS and DNS names and IP addresses?  Once again: you can't do this
> under NT.
> 
> Remote access is important in any server farm.  Sure you can setup
> RAS+VBscript+various other hacks under NT but it is not going to be
> reliable.  Under Unix you install SSH for encrypted access including
> X11, even including public-key authentication.  SSH is rock solid.
> 
> And if the server goes down?  The last large shop I worked at which
> used NT proxy firewalls had to reboot at least 3 times a week.  This
> was with the best NT system administration available.  I've never seen
> a well setup Unix firewall crash 3 times in a year.
> 
> And what do you do when your NT firewall crashes, which it will do
> frequently?  You really have no choice but to get to the console and
> power cycle the thing.  NT has no provision for a serial console.  You
> have to get up at 4am to drive to work and reboot your NT servers...
> These are not "generalizations" or other marketing hype they are the
> dirty truths about NT servers.
> 
> Roger Marquis
> htttp://www.roble.com/
> 
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
      • ... Andy Condliffe
        • ... Paul D. Robertson
          • ... Andy Condliffe
            • ... Paul D. Robertson
              • ... Sean Semone
        • ... James D. Wilson
          • ... Rainer Duffner
            • ... Carric Dooley
        • ... Eugene Chupkin
  • ... Knapp, Ken (SD-EX)
  • ... אריק זודמן - Arik Sudman
  • ... Rao, Prashanth
  • ... Jan van Rensburg
  • ... Roger Marquis

Reply via email to