From: Paul D. Robertson <[EMAIL PROTECTED]>
> On Thu, 10 Jun 1999, John Wiltshire wrote:
>
> > Let's have a look at some really prejudiced, unfounded NT bashing...
>
> Followed by some really prejudiced, unfounded NT advocacy...
Sure, why not? I always like to be proven wrong - helps me learn.
> > No. Physically protecting the network is required because TCP/IP is
> > vulnerable to man-in-the-middle attacks and other denial of service
attacks.
>
> Dockmaster II seems to be under evaluation for a *network* B2 rating with
> the intent of NSA placing the beast on the Internet with classified
> information resident on the box. Perhaps you can cite a reference in
> the evaluation that says why physically protecting the network is felt
> necessary by this particular evaluation team or vendor instead of
> spreading the same type of conjecture that you accuse the person you're
> responding of? Are you implying that a lowly C2 *host* evaluation places
> more emphasis on the insecurity of IP than a *network* B2 one?
No, because for a start I wasn't talking about the C2 evaluation at all.
That would be stupid as it didn't look at any of the networking capabilities
of NT. I was talking about the ITSEC review which *did* include the
networking and authentication mechanisms.
As for my rationale in blaming TCP/IP for physically secure networking:
i) Security trust is established between machines on NT through the NTLM
authentication process. Dockmaster provides a single host interface to the
web which does not require trust of another machine in the network.
ii) Perhaps I was a bit premature? NetBeui was also enabled in the
certified system and it is less secure than TCP/IP.
iii) It was a good scapegoat. NTLM is suspect to man-in-the middle attacks
in the setting up of trusts between domains and server/workstation within
the domain - there was a discussion of this in NTBugtraq a little while ago.
As I said before, Dockmaster is obviously not susceptible to this due to its
failing to trust any other machine and having a different networking
strategy.
Is this a cop-out on NT? I don't believe so. Your views may vary of
course.
Now, is it fair to compare Dockmaster to NT in a firewalling situation? How
many clients would you in good conscience recommend Dockmaster as a firewall
system? Probably a lot less than I'd recommend NT to...
> > > "What slays me about Microsoft is how badly their software can coexist
> > > with other products, *including their own*. A classic example is
> > > their aforementioned Proxy Server. When you set up NT with the Option
> > > Pack and Service Pack 3, it installs Internet Information Server 4.0
> > > by default. Which is fine, except for one small detail: it *breaks*
> > > Proxy Server. We had to back IIS 4.0 out of the system and install
> > > IIS 3.0, which has no trouble working with Proxy Server. AFAIK, there
> > > is still no fix to get Proxy Server working properly with IIS 4.0."
> >
> > Except this comment is just plain wrong. We have had Proxy server
working
> > with IIS4 just fine for over a year now.
>
> "If it works for some people and not others, it's a specious argument,
> and has nothing to do with the order of fixes applied, or the vendor's
> fix strategy?" Some people put a lot of work into trying to get some fix
> and patch ordering mechanisms done because it wasn't designed into the
> product or its upgrade mechanism. That's a failing, if you choose not to
> recognise it as such or not.
Hmm... I installed IIS4 and Proxy Server 2.0 as recommended in the
installation document PROVIDED BY MICROSOFT. Read the release notes for
Proxy Server (Q174922).
> > Did you bother to check your facts before you went public, or just
posted
> > rhetoric that you heard about for your own unfounded prejudices?
>
> Tried to implement the software and failed, seems pretty founded to me.
> Also seems indicitive of the "moving target" syndrome I listed in the
> list that none of the NT advocates seems to want to talk about.
I'm happy to talk about it.
How is NT any more of a moving target than systems such as Solaris, Linux or
HP/UX. All of these have been reviewed at least as many times as NT since
1993, Linux in fact has been reviewed many times more.
Microsoft is still rolling out service packs for NT 3.51 because it worked
well and people still use it because it is not the "moving target" you are
alluding to. In fact I would say the whole thing is a strawman argument.
> > Yeah. Just like those Unix systems that passed with no apps. Get a
> > freaking clue!!
>
> With the caveat that it's under evaluation (or was last time I looked -
> I've not checked to see where it is in the cycle recently), and there's
> been no FER yet, DG/UX at _network_ B2 with DOCKMASTER II includes an
Apache
> derrivative, Sendmail and Cybershield in the configuration. As a part of
the
> TCB, they carry the rating configured and in-use on the system. Now, I've
not
> looked at any of the CMW or other *nix validations, so I'll ask- are
> *you* sure no applications were included in the TCB, or is this
conjecture?
For a start, it was ITSEC, not C2 that we were talking about. I'll happily
say that particular NT systems being rated C2 means nothing at all except
that it is a proof of concept. Now ITSEC is a vastly different question -
it shows that a system can be made ITSEC compliant through following a set
of installation guidelines.
ITSEC rates NT as an operating system, and as such does not include
applications in the system. However, included in the installation
instructions is "Install applications (such as Microsoft Office 97) as
required." Seems to indicate some apps were included (though not as part of
the TCB).
> > NT *is* secure if you want to make it secure. Its bigots like you that
> > don't have a clue about the whole thing and just post rhetoric about a
>
> Rhetoric like "It works for me so you're lying?" Security systems need
> to be predictable. Every single NT installation I've done, and
> almost every one that my company has done has been on vendor-certified
> hardware. We've had many of the same problems that others (which would
seem
> to be most of the world excluding you) have had. We've had systems that
> function fine too - that unpredictability is the root of a *lot* of the
> distrust. Most of the rest are outlined in my first post on this topic.
Feel
> free to debate *any* of those points rationally, or all of them if you
think
> you can. Note that we're talking security engineering principles and
design
> principles.
Ok. No probs.
> > system they don't understand because they don't want to understand it
that
> > really make me glad I use NT.
>
> I'd gladly compare my clue with your clue on the OS of your choice and
> any of the several OS' of mine. I've worked professionally on a few (~20)
> operating systems back through DOS on an IBM System/360 (Yes, there was
> another OS named DOS before the PC was a gleam in anyone's eye) and going
> forward *including* NT. I've written security front ends in assembler for
> minicomputers, and transaction and command processors in assembler for
> mainframes. I've had RACF special and class A-Z on VM/CMS. I've
> extended secure networks carrying classified data to hotel rooms in
> foreign countries with an active intellegence threat. In short, my
> comments are based on quite a significant history of computing and
> security practice and a deep understanding.
>
> I doubt that you have a greater level of understanding of NT than I do
> (though there are people on this list who most definitely do), and I'll
bet
> that you have a lesser level of understanding of most *any* OS that
> doesn't run on an octal-based system (I flirted only briefly with VAXen)
than
> I do. Given that, I'd say that it's pretty specious of you to argue that
> something else isn't a better security choice. Oh, but you're not taking
a
> bigoted position or arguing based on advocacy, right?
>
> I based my list of "Why not NT" on a large ammount of real-world
experience,
> historicly good security design principles, etc. The same people
> saying "NT is secure" were saying the same thing before LANMan hashes
> were broken, before hidden shares had been discovered, were deploying the
> original PPTP and saying "nobody's broken into my site so it's secure,"
etc.
>
> So, let's strip away the OS religion and talk about good design, security
> properties, and trust management. Drag out the original list I posted
> and refute "Why not NT" on a point by point basis. My points apply not
> only to NT, but to some Unicies and a lot of other OS' as well.
>
> If you can't refute the technical points, all the name-calling and
> advocacy in the world means squat.
My point exactly. You claim to have such a good knowledge of systems and
yet can't reliable install an NT system when plenty of other people in the
world can (go over to NTBugtraq sometime and see for yourself).
I'm not claiming my knowledge is a broad as yours, just my prejudice is
somewhat less radical as yours. You say now that your points apply equally
to NT as to Unix systems and other OSes and yet you posted nothing like this
in your original post. If you are as unbiased as you want to make out now
then you should have said so in the list of points, rather than flaming NT
specifically.
I'll reply to your list of points in a separate mail.
Regards,
John Wiltshire
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
