I am in New Jersey, the firewall is in Poland or Argentina, or Bermuda (for
some reason this site always gets volunteers :-)). How do I securely access
a command window remotely? I am limited to Raptors remote admin GUI which
does not have any access to that stuff. On the Unix version I use srl to
connect in, run bash to get a decent shell, and then I can do all my
diagnostics. Previously we (KPMG) has asked Raptor for a srl for the NT
version, and they said they could provide it, but there was nothing on the
NT side to connect it to.
> -----Original Message-----
> From: Edward Gibbs [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, June 01, 1999 8:49 PM
> To: Ng, Kenneth; 'Brian Steele'; [EMAIL PROTECTED]
> Subject: RE: Why not NT?
>
> Hmm, I'm mostly interested in hearing what you can't do on NT?
>
> NT has
>
> - ping (same on UNIX)
> - tracert (traceroute on UNIX)
> - arp
> - route
> - netstat
>
> and if you really need a sniffer there's WinDump (free), NetXRay (or
> Sniffer
> Basic now by Network Associates), and a few other utilities.
>
> Don't get me wrong, I'm still not advocating Windows, but these arguments
> I
> think are no longer valid. What really seperates UNIX firewalls from NT
> firewalls is performance, stability, high-availability, load-balancing,
> bandwidth management, etc.
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Ng, Kenneth
> > Sent: Wednesday, June 02, 1999 10:31 AM
> > To: 'Brian Steele'; [EMAIL PROTECTED]
> > Subject: RE: Why not NT?
> >
> >
> > We have a couple of NT firewalls (Raptor to be precise) and they are ok
> as
> > long as everything works. The trouble is, quite often things
> > don't, and the
> > firewall is always the first component to be blamed. With the
> > solaris units
> > its easy to diagnose: srl (a sort of brain damaged ssh) to the
> > box, and you
> > have full Unix diagnostics to do things like snoop, ping,
> > traceroute, check
> > the arp cache, etc, etc, etc. In almost every case, the firewall was
> not
> > the problem, but we are guilty until proven innocent. On NT, well, I'm
> > reminded of the old Texas Instruments single computer error
> > message: "can't
> > do that".
> >
> > As far as security goes, Microsoft as an extremely poor record
> > for security
> > and for platform stability. One of the big things in security is
> > how often
> > things are compromised and how fast problems are fixed. NT gets
> > compromised
> > regularily. And an annoying percentage of the time when a new
> > exploit tool
> > comes out, Microsoft's response is "this is not a new
> > vunerability". That's
> > true, its not, but you still have not fixed the old one. And,
> > the number of
> > people using that vunerability goes from a few hundred people with
> > specialized programs to a million script kiddies. And a million script
> > kiddies is a fine example of decentralized parrallel processing.
> >
> > For right now, we are only buying Solaris Raptor firewalls, the one NT
> box
> > has been phased out. Sure in a few months there will be that new
> > NT product
> > or service pack that promises to fix everything in the world and
> > be the best
> > thing since sliced bread. But because I've been burned by NT
> > several times
> > before, my inclination is to stay away.
> >
> > > -----Original Message-----
> > > From: Brian Steele [SMTP:[EMAIL PROTECTED]]
> > > Sent: Wednesday, June 02, 1999 8:05 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: Why not NT?
> > >
> > > What's so funny about this whole thread is these guys ranting and
> raving
> > > about NT being not suitable for Firewall work, but many companies are
> > > happily, and successfully, employing NT Firewalls anyway.
> > >
> > > Perhaps what they should really be asking is what do those
> > companies know
> > > about employing an NT-based system that they don't.
> > >
> > > Ignorance is not knowing.
> > > Stupidity is the active pursuit of ignorance.
> > >
> > > Brian Steele
> > >
> > >
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > ******************************************************************
> > ***********
> > The information in this email is confidential and may be legally
> > privileged.
> > It is intended solely for the addressee. Access to this email by
> > anyone else
> > is unauthorized.
> >
> > If you are not the intended recipient, any disclosure, copying,
> > distribution
> > or any action taken or omitted to be taken in reliance on it, is
> > prohibited
> > and may be unlawful. When addressed to our clients any opinions or
> advice
> > contained in this email are subject to the terms and conditions
> > expressed in
> > the governing KPMG client engagement letter.
> > ******************************************************************
> > ***********
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.
If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
*****************************************************************************
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
