From: "gill" <[EMAIL PROTECTED]> on 11/06/99 04:21
>
> It has been my experience that the majority [of FW1's] are installed
> on Solaris and NT boxes.
> [Snip]
>
> This reasoning does not lead me to believe that the NT OS is an inherently
> secure one, but it does lead me to believe even more strongly that the NT
> OS *can* be made secure and that the real important factor is the installation
> and administration ... a point that has been made several times through
> the course of this discussion.
>
Sorry for adding to the noise - I just can't stay quiet any more.
Fact: FW1 on NT is simply not as good as FW1 on Solaris.
For instance, I've seen FW1's on NT go belly-up just
by sending them several large, illegally-fragmented pings.
As you may guess, this does not happen to FW1's running
on Solaris.
You simply cannot judge security from popularity.
Once you start looking at NT in detail, and I don't
mean looking at what services are running and what
Microsoft says that they do, you can clearly see the flaws.
I do C coding on NT systems as well as *nix systems, and
at a low level at that. I'm not religious here - I view
the different OSes as a palette of tools, with different
pros and cons, to choose from to create the best
solution for a given task.
One particular problem with Windows is the flawed design of
its Winsock implementation. It's the old Win 3.11 (Wolverine?)
winsock revved up to 32 bits, patched, tweaked and
patched again to work with the multitude of protocols that
customers demand windows to work with.
The real overall problem is the lack of well-defined programming
interfaces between the different layers. The fact is that
the entire network module of Windows (any flavour) is
really just one large code-kludge where calls are being
made in all directions.
Take, for instance, the childishly simple attack where
you send ARP replies to a Windows machine, saying that
you are using the same IP address as that Windows machine.
For some reason that I will never understand, dialog
boxes start popping up on your screen?!?! And if you
keep pumping ARP replies, the message queue floods and
the machine goes belly up!
Now do you really think that that is testimony to a sound
programming approach? Having one of the lowest-level
network protocols interact directly with the GUI?
The tradition in Unix systems has been to layer and separate
everything, and document the well-defined interfaces between
these components. These interfaces may be function calls,
streams or network protocols, it's all there.
This is the foundation of the security and reliability of
unix flavour OSes.
Actually, my personal opinion is that the *best* foundation
for a firewall is a "clean slate". That is, run the firewall
on its OWN miniature operating system, and start with a clean
IP stack that is designed to do only two things: forward and
filter packets.
Doing that, you don't need to start patching up the underlying
operating system and IP stack with its complex and therefore
inherently insecure design. Operating systems need to be able
to do LOTS of things. Firewalls don't.
'nuff rambling.
/Mike
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
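A defender-side check for the ARP conflict described in the post above, added here as an example and not the author's code: it parses raw Ethernet/ARP frames, flags replies that claim the monitored host's own IP from a foreign MAC, and treats a burst of them as the flooding pattern. The host addresses, threshold and sample frames are constructed for the example.

```python
import struct
from collections import Counter

# Constructed values for this example (not from the original post): the address
# pair of the host whose ARP traffic is being watched.
OUR_IP = "192.0.2.10"
OUR_MAC = "00:11:22:33:44:55"
ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2

def parse_arp(frame: bytes):
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP.
    Returns the ARP fields as a dict, or None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    hw, proto, hw_len, p_len, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (hw, proto, hw_len, p_len) != (1, 0x0800, 6, 4):
        return None
    return {"opcode": opcode,
            "sender_mac": ":".join(f"{b:02x}" for b in frame[22:28]),
            "sender_ip": ".".join(str(b) for b in frame[28:32])}

def is_ip_conflict(arp) -> bool:
    """True for an ARP reply that claims OUR_IP from a MAC other than ours."""
    return (arp is not None and arp["opcode"] == ARP_REPLY
            and arp["sender_ip"] == OUR_IP and arp["sender_mac"] != OUR_MAC)

def detect_conflicts(frames, flood_threshold: int = 5):
    """Scan one capture window; return (conflicts, per-MAC counts, flooding?).
    A burst of conflicting replies is the pattern the post describes."""
    offenders = Counter()
    for frame in frames:
        arp = parse_arp(frame)
        if is_ip_conflict(arp):
            offenders[arp["sender_mac"]] += 1
    total = sum(offenders.values())
    return total, dict(offenders), total >= flood_threshold

# Constructed sample frames: 14-byte Ethernet header, then the 28-byte ARP body.
LEGIT_REPLY = bytes.fromhex(  # gateway 192.0.2.1 answering us: harmless
    "001122334455 aabbccddee01 0806 0001 0800 06 04 0002"
    "aabbccddee01 c0000201 001122334455 c000020a")
CONFLICT_REPLY = bytes.fromhex(  # foreign MAC claiming to hold 192.0.2.10
    "001122334455 deadbeef0001 0806 0001 0800 06 04 0002"
    "deadbeef0001 c000020a 001122334455 c000020a")
OWN_GRATUITOUS = bytes.fromhex(  # our own MAC announcing our IP: not a conflict
    "ffffffffffff 001122334455 0806 0001 0800 06 04 0002"
    "001122334455 c000020a 000000000000 c000020a")
NOT_ARP = bytes.fromhex("001122334455 aabbccddee01 0800") + bytes(40)  # IPv4, skipped
```

Feeding it the frames from a short capture window (for example one second of traffic) gives a count and the offending MAC, which is the alert a host or IDS would raise instead of popping up a dialog box.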