On Thu, 3 Jun 1999, Don Kelloway wrote:
> Part of my "paring" down process with NT4, is to go into Services and
> configure the StartUp option to "Disable" for all but the following:
>
> EventLog
> Plug and Play
> and the Remote Procedure Call (RPC) Service

The original term came from my list of things, and I used it specifically.
When I said "paring down", I meant paring as in "cutting off", not
"hitting the off button." While I certainly disable services on any
platform I work on, from a security perspective, completely removing
things gives a higher level of assurance than hitting the off switch.

I'll use an extreme example to illustrate my point, then perhaps you can
parallel it with your experiences.

If I install a FreeBSD machine (and for now, we'll ignore the decided
advantage being able to rip code out of the kernel provides and just
discuss object code) and do a general install I'll end up with ~300 MB of
software. If I want to turn this into a proxy and stateful packet filtering
(hybrid) firewall with the bare minimum of code necessary to function as such
and give reasonable administrative and diagnostic capability, I can easily
remove software from the system until it's around 3-5 MB of code. If I
were an extremist, I could probably get it down even further.

Now, take the number of potential bugs in 300 MB of code and the number of
bugs in 3 MB of code, knowing that in the 300 MB side there's a lot of
non-critical things that don't get attention, extraneous libraries that
will never be called on a firewall, etc. and in the 3 MB side there's mostly
critical code. I think we can almost all agree that all things being equal
the level of assurance given to the machine with 3M of object code would be
higher and validation would be easier. I also think we could all agree that
change control on the 3 MB of code would be easier, making integrity checking
more efficient.

Now, my predicate above is "all things being equal." I'm not sure we
could all agree that they are. What I'd like to see at this point is a
discussion of where NT as an operating system has security advantages.
Given that *nix is a collection of a dozen possibilities, you'll find
counters for most one-to-one comparisons like strong ACLs which NT has and
some *nix systems don't. Because if I'm to lose assurance, I need to
know what I'm going to gain to offset that loss.

From x MB of code to y MB of code, how much can you pare down NT? How
much code is a bare minimum application layer gateway with packet filtering?

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280