Christopher, you make an excellent point.  I currently work in a
predominantly NT shop.  My Network Manager and I are both fluent in NT
and UNIX.
However, in the past I've worked in a mixed UNIX/NT environment (HP-UX
10.xx), with the HP-9000 running an ERP application.  I was amazed at how
much the software vendor's tech group knew about UNIX, TCP/IP, and most
networking issues (this was a client/server application after all).  Yet,
you could take these people out of their element and they were totally
clueless about NT.  I'd get dumb questions like "how do you integrate the NT
and HP servers?".
In my belief, it's all about who you assign to the job.

On one other note, regarding the stability of NT.  It was said that the
hardware makes all the difference.  Again, a very true statement.  Sure
HP-UX seems stable, as well it should running on a $50k HP-9000 box.  I
always find it amusing that people seem to think it's OK to run NT server on
a home-built PC using generic parts.  We have nothing but Dell servers and
our uptime is excellent.  Again, only needing to reboot when applying
service packs or making a network configuration change.  We also make it a
point to reboot the servers once every 2-3 months, just to clear the memory
cache.  But we've never experienced any blue screens or instability from our
NT servers.

  -Jesus

___________________________________________

Jesus Gonzalez
Director, Information Technology
National Childhood Cancer Foundation
626.447.1674  x208 
626.447.2197  //FAX//
[EMAIL PROTECTED] 
___________________________________________ 

-----Original Message-----
From: Rouland, Chris (ISSAtlanta) [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 02, 1999 11:01 PM
To: [EMAIL PROTECTED]
Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; Bergman, Bret;
Maines, Gigi; Mascis, Christopher; '[EMAIL PROTECTED]'
Subject: RE: Why not NT?


Kenneth,

The issues you are referring to are not platform specific, but are a
function of your implementation. I will be the first to acknowledge that
MSFT security policy and quick fix engineering was inadequate as of '97.
However, things in Redmond have changed significantly over the last two
years.  The MSFT security team has done an excellent job in adapting to this
dynamic space.  The issues that you have in deploying NT securely IMO are
not a function of the technology, but a function of expertise.  Do you think
a Solaris expert could effectively deploy an NT solution?  Conversely, I
wouldn't expect an NT expert to deploy a Solaris firewall appropriately
(unless you are fortunate enough to acquire a bi-lingual SA).  Point being,
the technology is not as relevant as the resources applied to it.

--
Christopher Rouland
Director X-Force
Internet Security Systems, Inc.
http://www.iss.net/xforce
(678)443 6000  

-----Original Message-----
From: Ng, Kenneth [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 02, 1999 1:31 PM
To: 'Brian Steele'; [EMAIL PROTECTED]
Subject: RE: Why not NT?


We have a couple of NT firewalls (Raptor to be precise) and they are ok as
long as everything works.  The trouble is, quite often things don't, and the
firewall is always the first component to be blamed.  With the Solaris units
it's easy to diagnose: srl (a sort of brain damaged ssh) to the box, and you
have full Unix diagnostics to do things like snoop, ping, traceroute, check
the arp cache, etc, etc, etc.  In almost every case, the firewall was not
the problem, but we are guilty until proven innocent.  On NT, well, I'm
reminded of the old Texas Instruments single computer error message: "can't
do that".

As far as security goes, Microsoft has an extremely poor record for security
and for platform stability.  One of the big things in security is how often
things are compromised and how fast problems are fixed.  NT gets compromised
regularly.  And an annoying percentage of the time when a new exploit tool
comes out, Microsoft's response is "this is not a new vulnerability".  That's
true, it's not, but you still have not fixed the old one.  And, the number of
people using that vulnerability goes from a few hundred people with
specialized programs to a million script kiddies.  And a million script
kiddies is a fine example of decentralized parallel processing.

For right now, we are only buying Solaris Raptor firewalls, the one NT box
has been phased out.  Sure in a few months there will be that new NT product
or service pack that promises to fix everything in the world and be the best
thing since sliced bread.  But because I've been burned by NT several times
before, my inclination is to stay away.

> -----Original Message-----
> From: Brian Steele [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, June 02, 1999 8:05 AM
> To:   [EMAIL PROTECTED]
> Subject:      RE: Why not NT?
> 
> What's so funny about this whole thread is these guys ranting and raving
> about NT being not suitable for Firewall work, but many companies are
> happily, and successfully, employing NT Firewalls anyway.
> 
> Perhaps what they should really be asking is what do those companies know
> about employing an NT-based system that they don't.
> 
> Ignorance is not knowing.
> Stupidity is the active pursuit of ignorance.
> 
> Brian Steele
> 
> 
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]