On Sat, 29 May 1999, Chris Michael wrote:
> At 10:09 AM 5/28/99 , Larry Claman wrote:
> > I won't comment on this, other than
> >to say that many (most) security experts still distrust NT.
>
> And why is that, exactly? Is this distrust based on an analysis of how the

Some major reasons and a bunch of minor ones. I'll enumerate some of the
major ones in no particular order.

First: Track record. NT has had all the failings it was predicted to
have and then a few. A lot of those are being, or have been fixed, but
the history is still there. The general consensus about the level of
programming competence in the Redmond vicinity doesn't seem to be as high
as it is elsewhere - lots of bugs have been fixed multiple times. Track
records are important in security. Perceptions are to some folks and aren't
to others.

Second: Baggage/Design. You can't pare that sucker down to essential
services and code. Worse yet, most of what you'd worry about isn't
documented well enough to help in an attempt. There's also a great deal
of non-IP networking baggage, and perhaps some IP networking baggage that
doesn't seem to have an off button. In fact, lack of off buttons is a
big thing overall. Sometimes the off buttons are undocumented registry
settings - what a joy that is to replicate!

Third: Moving target syndrome. NT's development cycle is still too fast
to get a good feel for long-term issues. Microsoft seems to have the
goal of replacing NT as often as the general computing market will bear.
That's counter to the stable, proven, well-researched platform that most
security people want. Service packs, new Web browsers and almost
anything else updates code in an unregulated way. There's no telling
what's going to break when you upgrade. If you get reasonably happy with
NT4, you know you're going to have about 18 months before you have to
replace it and redo the learning, analysis and everything else. There's
nothing saying that Windows 2000 will meet the same requirements in the
same ways. You have to move though because every single OS incident starts
with a request to upgrade.

Fourth: Remote access. While I'm a firm believer that physical-only
access is a good thing, a lot of my coworkers aren't. NT's remote access
capabilities aren't as attractive as those of Unix. By a long shot.

Fifth: Tools/utilities. Trying to diagnose network problems from an NT
server is sometimes an exercise in frustration and 3rd party products.
When that problem is an attack it can be downright frustrating. Some of
this is familiarity, and some of it is based on adding more of those
darned library-updating programs we touched on in #3.

Sixth: Familiarity. Probably the opposite of what you're expecting, but
I *know* that aside from trying to 3-finger salute the console a few
times (mostly because they think it's another machine entirely), my
operations folk wouldn't dream of trying to log into any of my *nix
servers. The people who get to log in aren't the kind who would play
Quake on the console.

Seventh: Eggs and baskets. If you're protecting mostly Windows
machines, you might not want a catastrophic issue to affect the security
infrastructure as well as the servers you're protecting.

Eighth: Support/Staffing. While there are a gazillion people with MS
certifications and really good looking resumes, there aren't a large
number of people who really know NT. What some people consider "knows
the OS in depth" is "Can check check boxes and usually find the right
dialog." I find that it's much easier to get a read on how much *nix
people know than how much NT people know. I had the same issues with
Netware admins.

> Hypothetically, suppose there was a firewall that had code sitting right
> about the network drivers that grabbed the packets, processed them, and
> sent them back down to the network drivers. From a security perspective,
> would you be concerned about the OS or the firewall code?

I'd be concerned about them both, as well as the hardware. For the same
reasons that traditional security certifications happen on an
installation basis.

Don't get me wrong - NT is much better than it started out (some would
say that was inevitable.) It has some good tools too (like ACLs). I'm just
not the kind of person who generally builds long-term infrastructure with
tools that haven't been stable for at least a couple of years. MS'
release cycle so far isn't in synch with that goal or my typical
upgrade/replace cycles. That and some of the above make it not ready
for candidacy in my infrastructure book except in limited roles.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280